WebSphere traditional config SSO using OIDC TAI and KeyCloak - single-sign-on

I have used websphere traditional to configure SSO using OIDC TAI and Keycloak
according to the following documents:
https://www.linkedin.com/pulse/implement-maximo-sso-openid-connect-keycloak-yasutaka-nishimura
https://www.ibm.com/docs/en/was-nd/8.5.5?topic=users-configuring-openid-connect-relying-party
I have problem when Login and got error: Error 403: AuthenticationFailed
[6/6/22 10:19:13:695 ICT] 0000013a WebAuthentica E SECJ0126E: Trust Association failed during validation. The exception is com.ibm.websphere.security.WebTrustAssociationFailedException: CWTAI2007E: The OpenID Connect relying party (RP) encountered a failure during the login. The exception is [ResponseCode: 401]. Check the logs for details that lead to this exception.
at com.ibm.ws.security.oidc.client.RelyingParty.getTokensFromProvider(RelyingParty.java:915)
at com.ibm.ws.security.oidc.client.RelyingParty.handleSigninCallback(RelyingParty.java:723)
at com.ibm.ws.security.oidc.client.RelyingParty.negotiateValidateandEstablishTrust(RelyingParty.java:340)
at com.ibm.ws.security.web.TAIWrapper.negotiateAndValidateEstablishedTrust(TAIWrapper.java:103)
at com.ibm.ws.security.web.WebAuthenticator.handleTrustAssociation(WebAuthenticator.java:438)
at com.ibm.ws.security.web.WebAuthenticator.authenticate(WebAuthenticator.java:3103)
at com.ibm.ws.security.web.WebCollaborator.SetAuthenticatedSubjectIfNeeded(WebCollaborator.java:3545)
at com.ibm.ws.security.web.WebCollaborator.authorize(WebCollaborator.java:857)
at com.ibm.ws.security.web.EJSWebCollaborator.preInvoke(EJSWebCollaborator.java:447)
at com.ibm.ws.webcontainer.collaborator.WebAppSecurityCollaboratorImpl.preInvoke(WebAppSecurityCollaboratorImpl.java:230)
at com.ibm.wsspi.webcontainer.collaborator.CollaboratorHelper.preInvokeCollaborators(CollaboratorHelper.java:436)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1101)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:4219)
at com.ibm.ws.webcontainer.webapp.WebAppImpl.handleRequest(WebAppImpl.java:2210)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1030)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:382)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:465)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:532)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:318)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:289)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1909)
. Make sure that the setup is correct and that the user credentials are valid.
enter image description here
enter image description here

Related

Keycloak Admin Client throws error in server logs

am using keycloak admin client with my custom SPI.
I am getting this error when am trying to to create keycloak builder.
previously i tried this solution also but this didnt worked for me.
keycloak version 20.0.2 quarkus dist
this is the code I am using for builder
KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/")
.realm("xxxxx")
.username("xxxx")
.password("xxxxx")
.clientId("admin-cli")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
here's the error log
2023-01-26 13:11:33,684 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (executor-thread-4) Uncaught server error: java.lang.InstantiationError: org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder
at com.nafath.keycloak.NafathTokenAuthenticator.getKeycloakInstance(NafathTokenAuthenticator.java:178)
at com.nafath.keycloak.NafathTokenAuthenticator.saveNewUser(NafathTokenAuthenticator.java:127)
at com.nafath.keycloak.NafathTokenAuthenticator.authenticate(NafathTokenAuthenticator.java:116)
at org.keycloak.authentication.DefaultAuthenticationFlow.processSingleFlowExecutionModel(DefaultAuthenticationFlow.java:446)
at org.keycloak.authentication.DefaultAuthenticationFlow.processFlow(DefaultAuthenticationFlow.java:250)
at org.keycloak.authentication.AuthenticationProcessor.authenticateOnly(AuthenticationProcessor.java:1017)
at org.keycloak.authentication.AuthenticationProcessor.authenticate(AuthenticationProcessor.java:879)
at org.keycloak.protocol.AuthorizationEndpointBase.handleBrowserAuthenticationRequest(AuthorizationEndpointBase.java:151)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildAuthorizationCodeAuthorizationResponse(AuthorizationEndpoint.java:338)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.process(AuthorizationEndpoint.java:194)
at org.keycloak.protocol.oidc.endpoints.AuthorizationEndpoint.buildGet(AuthorizationEndpoint.java:112)
at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
at java.base/java.lang.reflect.Method.invoke(Method.java:577)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:170)
at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:130)
at org.jboss.resteasy.core.ResourceMethodInvoker.internalInvokeOnTarget(ResourceMethodInvoker.java:660)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTargetAfterFilter(ResourceMethodInvoker.java:524)
at org.jboss.resteasy.core.ResourceMethodInvoker.lambda$invokeOnTarget$2(ResourceMethodInvoker.java:474)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:476)
at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:434)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:192)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:152)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invokeOnTargetObject(ResourceLocatorInvoker.java:183)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:141)
at org.jboss.resteasy.core.ResourceLocatorInvoker.invoke(ResourceLocatorInvoker.java:32)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:492)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$invoke$4(SynchronousDispatcher.java:261)
at org.jboss.resteasy.core.SynchronousDispatcher.lambda$preprocess$0(SynchronousDispatcher.java:161)
at org.jboss.resteasy.core.interception.jaxrs.PreMatchContainerRequestContext.filter(PreMatchContainerRequestContext.java:364)
at org.jboss.resteasy.core.SynchronousDispatcher.preprocess(SynchronousDispatcher.java:164)
at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:247)
at io.quarkus.resteasy.runtime.standalone.RequestDispatcher.service(RequestDispatcher.java:73)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.dispatch(VertxRequestHandler.java:151)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:82)
at io.quarkus.resteasy.runtime.standalone.VertxRequestHandler.handle(VertxRequestHandler.java:42)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:84)
at io.quarkus.vertx.http.runtime.StaticResourcesRecorder$2.handle(StaticResourcesRecorder.java:71)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:430)
at io.quarkus.vertx.http.runtime.VertxHttpRecorder$6.handle(VertxHttpRecorder.java:408)
at io.vertx.ext.web.impl.RouteState.handleContext(RouteState.java:1284)
at io.vertx.ext.web.impl.RoutingContextImplBase.iterateNext(RoutingContextImplBase.java:173)
at io.vertx.ext.web.impl.RoutingContextImpl.next(RoutingContextImpl.java:140)
at org.keycloak.quarkus.runtime.integration.web.QuarkusRequestFilter.lambda$createBlockingHandler$0(QuarkusRequestFilter.java:82)
at io.quarkus.vertx.core.runtime.VertxCoreRecorder$14.runWith(VertxCoreRecorder.java:564)
at org.jboss.threads.EnhancedQueueExecutor$Task.run(EnhancedQueueExecutor.java:2449)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1478)
at org.jboss.threads.DelegatingRunnable.run(DelegatingRunnable.java:29)
at org.jboss.threads.ThreadLocalResettingRunnable.run(ThreadLocalResettingRunnable.java:29)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:833)
I tried it with resteasy version 4

java.security.KeyStoreException when trying to create HTTP instance

I am running a code in a WAS container and when I try to create the HTTP instance like:
val x = Http()
I am receiving the error below.
[3/28/18 12:59:45:614 MDT] 00000434 ServletWrappe E com.ibm.ws.webcontainer.servlet.ServletWrapper service Uncaught service() exception thrown by servlet com.avaya.ept.snapins.scalatemplate.web.RecordServlet: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: IBMJSSE2, class: com.ibm.jsse2.ag)
at java.security.Provider$Service.newInstance(Provider.java:1628)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:248)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:176)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:30)
at javax.net.ssl.SSLContext.getDefault(SSLContext.java:27)
at com.typesafe.sslconfig.ssl.Ciphers$.java17RecommendedCiphers$lzycompute(Ciphers.scala:29)
at com.typesafe.sslconfig.ssl.Ciphers$.java17RecommendedCiphers(Ciphers.scala:28)
at com.typesafe.sslconfig.ssl.Ciphers$$anonfun$recommendedCiphers$2.apply(Ciphers.scala:26)
at com.typesafe.sslconfig.ssl.Ciphers$$anonfun$recommendedCiphers$2.apply(Ciphers.scala:26)
at com.typesafe.sslconfig.ssl.package$.foldVersion(package.scala:39)
at com.typesafe.sslconfig.ssl.Ciphers$.recommendedCiphers(Ciphers.scala:24)
at com.typesafe.sslconfig.akka.AkkaSSLConfig.configureCipherSuites(AkkaSSLConfig.scala:186)
at com.typesafe.sslconfig.akka.AkkaSSLConfig.<init>(AkkaSSLConfig.scala:90)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.createExtension(AkkaSSLConfig.scala:29)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.createExtension(AkkaSSLConfig.scala:19)
at akka.actor.ActorSystemImpl.registerExtension(ActorSystem.scala:917)
at akka.actor.ExtensionId$class.apply(Extension.scala:79)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.apply(AkkaSSLConfig.scala:24)
at com.typesafe.sslconfig.akka.AkkaSSLConfig$.apply(AkkaSSLConfig.scala:19)
at akka.http.scaladsl.HttpExt.<init>(Http.scala:51)
at akka.http.scaladsl.Http$.createExtension(Http.scala:928)
at akka.http.scaladsl.Http$.createExtension(Http.scala:804)
at akka.actor.ActorSystemImpl.registerExtension(ActorSystem.scala:917)
at akka.actor.ExtensionId$class.apply(Extension.scala:79)
at akka.http.scaladsl.Http$.apply(Http.scala:923)
at com.avaya.ept.snapins.scalatemplate.web.RecordServlet.doPost(RecordServlet.scala:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1232)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:781)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:480)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:136)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:97)
at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:967)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1107)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3951)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:1014)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture$1.run(AsyncChannelFuture.java:205)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892)
Caused by: java.security.KeyStoreException: IBMKeyManager: Problem accessing key store java.io.IOException: Keystore was tampered with, or password was incorrect
at com.ibm.jsse2.ae.a(ae.java:112)
at com.ibm.jsse2.ag.g(ag.java:19)
at com.ibm.jsse2.ag.<init>(ag.java:1)
at sun.reflect.GeneratedConstructorAccessor493.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:57)
at java.lang.reflect.Constructor.newInstance(Constructor.java:437)
at java.security.Provider$Service.newInstance(Provider.java:1606)
... 53 more
Is there any way to avoid the code tries to create an SSLContext instance?
I am saying that because I will just need to make an HTTP request using TCP protocol. I don't have any intention to use SSL in my code at this time.
In reality it doesn't have a straightforward solution and it seems an issue in the library. Because of that I opened an issue as you can see on the link below.
https://github.com/akka/akka-http/issues/1978#issuecomment-378604822

Access to Bluemix results in a "Failed to find resource" error

When I try to log into Bluemix, I see JSPG0036E: Failed to find resource error message. What is the cause of this issue?
Here is the complete message:
JSP Processing Error
HTTP Error Code: 500
Error Message:
/jsp/authn_failediif.jsp(77,50) JSPG0036E: Failed to find resource /jsp/include/generalmsg.shtml
Root Cause:
com.ibm.ws.jsp.JspCoreException: /jsp/authn_failediif.jsp(77,50) JSPG0036E: Failed to find resource /jsp/include/generalmsg.shtml
at com.ibm.ws.jsp.translator.document.Jsp2Dom.getJspDocumentAsJspPage(Jsp2Dom.java:518)
at com.ibm.ws.jsp.translator.document.Jsp2Dom.getJspDocument(Jsp2Dom.java:196)
at com.ibm.ws.jsp.translator.JspTranslator.<init>(JspTranslator.java:73)
at com.ibm.ws.jsp.translator.JspTranslatorFactory.createTranslator(JspTranslatorFactory.java:116)
at com.ibm.ws.jsp.translator.utils.JspTranslatorUtil.translateJsp(JspTranslatorUtil.java:262)
at com.ibm.ws.jsp.translator.utils.JspTranslatorUtil.translateJspAndCompile(JspTranslatorUtil.java:123)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.translateJsp(AbstractJSPExtensionServletWrapper.java:565)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper._checkForTranslation(AbstractJSPExtensionServletWrapper.java:487)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.checkForTranslation(AbstractJSPExtensionServletWrapper.java:340)
at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensionServletWrapper.handleRequest(AbstractJSPExtensionServletWrapper.java:156)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3994)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:276)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:945)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1592)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:191)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:454)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:516)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:307)
at com.ibm.ws.http.channel.inbound.impl.HttpICLReadCallback.complete(HttpICLReadCallback.java:84)
at com.ibm.ws.ssl.channel.impl.SSLReadServiceContext$SSLReadCompletedCallback.complete(SSLReadServiceContext.java:1818)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1662)
the first thing to do with this kind of problems is to check that your local cache isn't taking you this error: so you may empty your browser cache and cookies and try again.
If you will get the same error, you may check on
https://developer.ibm.com/bluemix/support/#status
on the right column, for any running maintenance activity or for a platform issue alert.
If everything is ok you should request Bluemix team for support following the instructions you find on
https://www.ng.bluemix.net/docs/troubleshoot/getting_customer_support.html
Section "Contacting Bluemix support"

What is the ideal way to handle a RESTful service request with no resource identification

I have a RESTful service which is developed using Spring. The service tries to find a resource using a Identification string with Request method as GET.
The request pattern is : https://api.rest.com/resource/RESOURCEID
The method defined for the same is
#RequestMapping(
value = "/{RESOURCEID}",
method = RequestMethod.GET,
produces = "application/json")
public #ResponseBody String retrieve(
#PathVariable String resourceID,
HttpServletRequest request,
HttpServletResponse response)
throws AbstractBaseAppException,
JsonGenerationException,
JsonMappingException,
IOException
Now when I try to make a request like: https://api.rest.com/resource/, I get exception below:
[6/10/14 17:48:56:942 IST] 00000018 PmiRegistry W CWPMI0023W: Unable to register PMI module due to duplicate name: SimpleFileServlet
[6/10/14 17:48:56:982 IST] 00000018 StatsFactoryU W CWPMI0103W: Unable to register custom PMI module due to duplicate name under the same parent or invalid PMI tree path: SimpleFileServlet
[6/10/14 17:48:57:015 IST] 00000018 stats E com.ibm.ws.wswebcontainer.stats.ServletPmiModule ServletPmiModule error creating stats instance
com.ibm.wsspi.pmi.factory.StatsFactoryException: CWPMI0103W: Unable to register custom PMI module due to duplicate name under the same parent or invalid PMI tree path: SimpleFileServlet
at com.ibm.ws.pmi.factory.StatsFactoryUtil.registerModule(StatsFactoryUtil.java:92)
at com.ibm.ws.pmi.factory.StatsInstanceImpl._register(StatsInstanceImpl.java:81)
at com.ibm.ws.pmi.factory.StatsInstanceImpl.createGroupInstance(StatsInstanceImpl.java:126)
at com.ibm.wsspi.pmi.factory.StatsFactory.createStatsInstance(StatsFactory.java:354)
at com.ibm.wsspi.pmi.factory.StatsFactory.createStatsInstance(StatsFactory.java:319)
at com.ibm.ws.wswebcontainer.stats.ServletPmiModule.<init>(ServletPmiModule.java:91)
at com.ibm.ws.wswebcontainer.stats.WebAppModule.onServletStartInit(WebAppModule.java:241)
at com.ibm.ws.webcontainer.WebAppPmiListener.onServletStartInit(WebAppPmiListener.java:178)
at com.ibm.ws.webcontainer.webapp.FireOnServletStartInit.fireEvent(FireOnEventListenerVisitors.java:85)
at com.ibm.ws.webcontainer.util.EventListeners.fireEvent(EventListeners.java:53)
at com.ibm.ws.webcontainer.webapp.WebAppEventSource.onServletStartInit(WebAppEventSource.java:121)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:314)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.load(ServletWrapper.java:1267)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:970)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:1370)
at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:179)
at org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler.handleRequest(DefaultServletHttpRequestHandler.java:119)
at org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter.handle(HttpRequestHandlerAdapter.java:49)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.metlife.gsp.tenancy.TenantDispatcherServlet.service(TenantDispatcherServlet.java:103)
at com.metlife.gsp.tenancy.TenantDispatcherServletProxy.service(TenantDispatcherServletProxy.java:82)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1131)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:706)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:433)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:125)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:92)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:191)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:89)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:916)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1005)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:903)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1593)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:192)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:455)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewInformation(HttpInboundLink.java:384)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:272)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1574)
I'm not familiar with the framework you are using, but two things stick out that might be causing issues.
You are making a request to https://api.rest.com/resource/ but the method is 'listening' to URIs the match /{RESOURCEID} which I would expect (unless there are other, 'better' matches) to mean this function will be called with "resource" passed in as the resource ID.
You also do not appear to have a method that is specifically listening to /resource/.
I don't understand how that error message links to back to this problem though. I suggest you look up what exactly those exceptions you are seeing mean and what causes them.

Websphere Application Server 8.5.5 don't see imported client key

I used this tutorial
http://www.ibm.com/developerworks/websphere/tutorials/0905_griffith/
for setting up security for jax-ws web service on server side and now I want to call this web service via soapUI, I am signing message in soapUI, but after calling web service with this message I get error that server can't find signer key. What can be wrong? Binding is configured to contain trustore which contains keystore with client certificate.
StackTrace:
CWWSS5514E: An exception while processing WS-Security message: com.ibm.wsspi.wssecurity.core.SoapSecurityException: CWWSS6521E: The Login failed because of an exception: javax.security.auth.login.LoginException: CWWSS6810E: The runtime can not identify the key corresponding to the identifier [CN=klient,O=SD,C= PL:458001165]
at com.ibm.wsspi.wssecurity.core.SoapSecurityException.format(SoapSecurityException.java:136)
at com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenConsumer.getSoapSecurityException(CommonTokenConsumer.java:586)
at com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenConsumer.invoke(CommonTokenConsumer.java:426)
at com.ibm.ws.wssecurity.wssapi.CommonContentConsumer.invokeTokenConsumer(CommonContentConsumer.java:679)
at com.ibm.ws.wssecurity.wssapi.CommonContentConsumer.getKey(CommonContentConsumer.java:323)
at com.ibm.ws.wssecurity.keyinfo.KeyInfoConsumer.getKey(KeyInfoConsumer.java:200)
at com.ibm.ws.wssecurity.dsig.SignatureConsumer.callKeyInfoConsumer(SignatureConsumer.java:1140)
at com.ibm.ws.wssecurity.dsig.SignatureConsumer.callKeyInfoConsumer(SignatureConsumer.java:1104)
at com.ibm.ws.wssecurity.dsig.SignatureConsumer.invoke(SignatureConsumer.java:272)
at com.ibm.ws.wssecurity.core.WSSConsumer.callSignatureConsumer(WSSConsumer.java:2924)
at com.ibm.ws.wssecurity.core.WSSConsumer.callSignatureConsumer(WSSConsumer.java:2827)
at com.ibm.ws.wssecurity.core.WSSConsumer.invoke(WSSConsumer.java:862)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerBase.invoke(WSSecurityConsumerBase.java:110)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler._invoke(WSSecurityConsumerHandler.java:537)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler.access$100(WSSecurityConsumerHandler.java:127)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$1.run(WSSecurityConsumerHandler.java:191)
at com.ibm.ws.security.context.ContextImpl.runWith(ContextImpl.java:362)
at com.ibm.ws.wssecurity.platform.websphere.auth.WSSContextImpl.runWith(WSSContextImpl.java:65)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler$2.run(WSSecurityConsumerHandler.java:197)
at java.security.AccessController.doPrivileged(AccessController.java:280)
at com.ibm.ws.wssecurity.handler.WSSecurityConsumerHandler.invoke(WSSecurityConsumerHandler.java:195)
at org.apache.axis2.handlers.AbstractHandler.invoke_stage2(AbstractHandler.java:133)
at org.apache.axis2.engine.Phase.invokeHandler(Phase.java:343)
at org.apache.axis2.engine.Phase.invoke(Phase.java:313)
at org.apache.axis2.engine.AxisEngine.invoke(AxisEngine.java:360)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:195)
at org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:172)
at com.ibm.ws.websvcs.transport.http.WASAxis2Servlet.doPost(WASAxis2Servlet.java:1583)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:595)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:668)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1227)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:776)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:458)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1032)
at com.ibm.ws.webcontainer.webapp.WebApp.handleRequest(WebApp.java:3761)
at com.ibm.ws.webcontainer.webapp.WebGroup.handleRequest(WebGroup.java:304)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:976)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:283)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214)
at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113)
at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175)
at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217)
at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161)
at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138)
at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204)
at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775)
at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1862)
It turns out that it's SoapUI issue and it is impossible to make it work.
For me, when I changed the 'Key Identifier Type ' to BinaryToken in SOAP UI 'Signature' pane, the server could understand and responded as expected. SOAP UI has a dropdown with various options for 'Key Identifier Type' and when 'BinaryToken' is selected, it means, consumer (SOAP UI here) will include it's certificate in the request itself and so server can extract it.