[midPoint] sms notification - https client certificate authentication
Oleksandr Nekriach
o.nekriach at dynatech.lv
Fri Mar 15 09:14:43 CET 2019
Hi,
Show us what your Java runtime properties are
or just run
# ps aux | grep tomcat
On Thu, 14 Mar 2019 at 17:53, Petr Herman <petr.herman at soc365.cz> wrote:
> Hello,
>
>
>
> yes, I’ve tried to add a client private key, client certificate (p12 file)
> and all related CAs to the Java keystore.
>
>
>
> I’ve changed the name of the certificate KeyEntry to be the same as the
> HTTPS hostname, I’ve changed the password for the PrivateKeyEntry to be the
> same as keystore password, I’ve restarted Midpoint.
>
>
>
> # keytool -keystore keystore.jceks -storetype jceks -storepass changeit -list
>
> smsconnector.cz.o2.com, Mar 14, 2019, PrivateKeyEntry,
>
> thawte tls rsa ca g1, Mar 14, 2019, trustedCertEntry,
>
> default, Aug 17, 2018, SecretKeyEntry,
>
> et sms connector, Mar 14, 2019, trustedCertEntry,
>
> o2 sms connector, Mar 14, 2019, trustedCertEntry,
>
>
>
> There is still the same issue:
>
>
>
> 2019-03-14 15:53:48,434 [] [pool-6-thread-1] DEBUG
> (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport):
> Sending SMS to URL https://smsconnector.cz.o2.com/smsconnector/getpost/GP
> (method POST)
>
> 2019-03-14 15:53:48,434 [] [pool-6-thread-1] DEBUG
> (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport):
> Using request headers:
>
> [Content-Type: application/x-www-form-urlencoded]
>
> 2019-03-14 15:53:48,443 [] [pool-6-thread-1] DEBUG
> (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport):
> Using request body text (encoding: ISO-8859-1):
>
>
> action=send&baID=1991234&fromNumber=%2b420720001234&toNumber=%2b420604555666&text=Test+zprava
>
> 2019-03-14 15:53:48,663 [] [pool-6-thread-1] ERROR
> (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport):
> Couldn't send SMS to [+420604555666] via null, trying another gateway, if
> there is any, reason: Received fatal alert: *handshake_failure (class
> javax.net.ssl.SSLHandshakeException)*
>
> 2019-03-14 15:53:48,667 [] [pool-6-thread-1] DEBUG
> (com.evolveum.midpoint.notifications.impl.api.transports.SimpleSmsTransport):
> Couldn't send SMS to [+420604555666] via null, trying another gateway, if
> there is any.
>
> *javax.net.ssl.SSLHandshakeException: Received fatal alert:
> handshake_failure*
>
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
>
> at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
>
> at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2020)
>
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1127)
>
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367)
>
> ...
>
>
>
>
>
> *Question is how to force Midpoint or Tomcat to use SSL client certificate
> from keystore during communication with particular HTTPS URL?*
>
>
>
> Thank you for any advice
>
>
>
> Best regards
>
> Petr Herman
>
>
>
>
>
>
>
> *From:* midPoint <midpoint-bounces at lists.evolveum.com> *On behalf of* Jason
> Everling
> *Sent:* Tuesday, March 12, 2019 9:10 PM
> *To:* midPoint General Discussion <midpoint at lists.evolveum.com>
> *Subject:* Re: [midPoint] sms notification - https client certificate
> authentication
>
>
>
> Have you tried adding the client certificate/key into your midpoint
> keystore then running an sms notification?
>
>
>
>
>
>
>
> On Tue, Mar 12, 2019 at 9:08 AM Petr Herman <petr.herman at soc365.cz> wrote:
>
> Hello everyone,
>
>
>
> the customer wants to integrate O2 SMS gateway using HTTP GET/POST, but
> SMS gateway is using HTTPS client certificate for authentication.
>
>
>
> Does Midpoint support this feature?
>
>
>
> Thank you in advance
>
> Best regards
>
>
>
> Petr Herman
>
> Visitech a.s.
>
>
>
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint
>
>
--
Best regards,
Oleksandr Nekriach | Identity and access management engineer
Dynatech, Jeruzalemes iela 1, Rīga, LV-1010, Latvia
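An added example, not part of the original message or of midPoint: the check the reply asks for, reading a Java command line (as `ps` prints it) for the `javax.net.ssl.*` properties that JSSE's default context uses to find client key material. The sample command lines and paths are constructed, and it is an assumption, not confirmed in the thread, that the SMS transport uses the JVM's default SSLContext.

```shell
#!/bin/sh
# Added example: inspect a Java command line (as printed by ps) for the JSSE
# system properties that decide whether a client certificate can be offered.

# Constructed sample command lines; paths and options are assumptions.
JAVA='/usr/bin/java -Dmidpoint.home=/opt/midpoint/var'
KS='-Djavax.net.ssl.keyStore=/opt/midpoint/var/keystore.jceks -Djavax.net.ssl.keyStorePassword=changeit'
JAR='-jar /opt/midpoint/lib/midpoint.war'
SAMPLE_DEFAULT="$JAVA $JAR"
SAMPLE_WRONG_TYPE="$JAVA $KS $JAR"
SAMPLE_OK="$JAVA $KS -Djavax.net.ssl.keyStoreType=jceks $JAR"

# Print the value of -D<name>=<value>, or nothing if the property is absent.
# Limitation: splits on whitespace, so values containing spaces are cut short.
jvm_prop() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' |
        awk -v p="-D$2=" 'index($0, p) == 1 { print substr($0, length(p) + 1); exit }'
}

# Classify the command line:
#   no-keystore    javax.net.ssl.keyStore unset: default context has no client key
#   type-mismatch  a .jceks file needs keyStoreType=jceks; the JVM default type
#                  (jks on Java 8) will not load it
#   configured     a key store is set and its type fits the file extension
client_cert_status() {
    ks=$(jvm_prop "$1" javax.net.ssl.keyStore)
    kt=$(jvm_prop "$1" javax.net.ssl.keyStoreType | tr 'A-Z' 'a-z')
    if [ -z "$ks" ]; then
        echo no-keystore
        return
    fi
    case "$ks" in
        *.jceks) [ "$kt" = jceks ] || { echo type-mismatch; return; } ;;
    esac
    echo configured
}

# Print the relevant properties with the password value masked.
jsse_report() {
    for p in keyStore keyStoreType keyStorePassword trustStore trustStoreType; do
        v=$(jvm_prop "$1" "javax.net.ssl.$p")
        case "$p" in *Password) if [ -n "$v" ]; then v='<set>'; fi ;; esac
        printf '%-18s %s\n' "$p" "${v:-<unset>}"
    done
    printf 'status: %s\n' "$(client_cert_status "$1")"
}

jsse_report "$SAMPLE_DEFAULT"
```

Against a live process, pass the real command line instead of a sample, for example `jsse_report "$(ps -o args= -p <pid>)"`. A key store password given with `-D` is visible to every local user who can run `ps`.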