[cas-dev] Unable to validate ProxyTicketValidator

Jennifer Yang jyoonyang at gmail.com
Wed Jul 26 21:01:55 EDT 2006 

Hello,

I got my CAS server and webapps working under same Tomcat container using
localhost.  When I tried using my domain name instead of localhost, I am
getting "Unable to validate ProxyTicketValidator" error after authentication
completes.  I saw other posts indicating that it has to do with digital
certificates.  Since I am running everything under the same host and same
container, I don't understand how this would be an issue of CAS not trusting
the certificate.

Here is my key generation.
d:\java_tools\jdk150_04\bin\keytool -genkey -alias tomcat -k
eyalg RSA
Enter keystore password:  changeit
What is your first and last name?
  [Unknown]:  jenyangt43
What is the name of your organizational unit?
  [Unknown]:  jenyangt43
What is the name of your organization?
  [Unknown]:  jenyangt43
What is the name of your City or Locality?
  [Unknown]:  la
What is the name of your State or Province?
  [Unknown]:  ca
What is the two-letter country code for this unit?
  [Unknown]:  us
Is CN=jenyangt43, OU=jenyangt43, O=jenyangt43, L=la, ST=ca, C=us correct?
  [no]:  y

Enter key password for <tomcat>
        (RETURN if same as keystore password):  changeit

d:\java_tools\jdk150_04\bin\keytool -list -alias tomcat
Enter keystore password:  changeit
tomcat, Jul 26, 2006, keyEntry,
Certificate fingerprint (MD5):
1D:46:D2:E3:2B:76:9D:E7:47:74:0A:44:92:13:60:6D

I think Tomcat is using this keyout because when I deleted this key and ran
Tomcat, I was getting an error from Tomcat about missing key to enable SSL.

I am able to get Tomcat index page by entering https://jenyangt43:8443/

Here is the error in stdout.
SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator [[edu.yale.its.tp
.cas.client.ProxyTicketValidator proxyList=[null] [
edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[htt
ps://jenyangt43:8443/cas/proxyValidate]
ticket=[ST-2-fkDbX0nmt14TIDaNubebidOybmHHL2nnmBi-20]
service=[http%3A%2F%2Fjenya
ngt43%3A8080%2Fjsp-examples%2Fjsp2%2Fel%2Fbasic-arithmetic.jsp]
renew=false]]]
Jul 26, 2006 5:43:07 PM edu.yale.its.tp.cas.client.filter.CASFilter doFilter
SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator [[edu.yale.its.tp
.cas.client.ProxyTicketValidator proxyList=[null] [
edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[htt
ps://jenyangt43:8443/cas/proxyValidate]
ticket=[ST-2-fkDbX0nmt14TIDaNubebidOybmHHL2nnmBi-20]
service=[http%3A%2F%2Fjenya
ngt43%3A8080%2Fjsp-examples%2Fjsp2%2Fel%2Fbasic-arithmetic.jsp]
renew=false]]]

Thanks so much for your help!
--Jennifer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20060726/eaa2897b/attachment.html

More information about the cas-dev mailing list