[cas-dev] Unable to validate ProxyTicketValidator
Scott Battaglia
scott_battaglia at rutgers.edu
Wed Jul 26 23:46:02 EDT 2006
Jennifer,
Did you add this certificate to the JVM's keystore?
i.e. %JAVA_HOME%\jre\lib\security\cacerts ?
This page should be able to help you:
http://www.ja-sig.org/products/cas/server/ssl/index.html
-Scott
Jennifer Yang wrote:
> Hello,
>
> I got my CAS server and webapps working under same Tomcat container
> using localhost. When I tried using my domain name instead of
> localhost, I am getting "Unable to validate ProxyTicketValidator"
> error after authentication completes. I saw other posts indicating
> that it has to do with digital certificates. Since I am running
> everything under the same host and same container, I don't understand
> how this would be an issue of CAS not trusting the certificate.
>
> Here is my key generation.
> d:\java_tools\jdk150_04\bin\keytool -genkey -alias tomcat -keyalg RSA
> Enter keystore password: changeit
> What is your first and last name?
> [Unknown]: jenyangt43
> What is the name of your organizational unit?
> [Unknown]: jenyangt43
> What is the name of your organization?
> [Unknown]: jenyangt43
> What is the name of your City or Locality?
> [Unknown]: la
> What is the name of your State or Province?
> [Unknown]: ca
> What is the two-letter country code for this unit?
> [Unknown]: us
> Is CN=jenyangt43, OU=jenyangt43, O=jenyangt43, L=la, ST=ca, C=us correct?
> [no]: y
>
> Enter key password for <tomcat>
> (RETURN if same as keystore password): changeit
>
> d:\java_tools\jdk150_04\bin\keytool -list -alias tomcat
> Enter keystore password: changeit
> tomcat, Jul 26, 2006, keyEntry,
> Certificate fingerprint (MD5):
> 1D:46:D2:E3:2B:76:9D:E7:47:74:0A:44:92:13:60:6D
>
> I think Tomcat is using this keyout because when I deleted this key
> and ran Tomcat, I was getting an error from Tomcat about missing key
> to enable SSL.
>
> I am able to get Tomcat index page by entering https://jenyangt43:8443/
>
> Here is the error in stdout.
> SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable
> to validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://jenyangt43:8443/cas/proxyValidate]
> ticket=[ST-2-fkDbX0nmt14TIDaNubebidOybmHHL2nnmBi-20]
> service=[http%3A%2F%2Fjenyangt43%3A8080%2Fjsp-examples%2Fjsp2%2Fel%2Fbasic-arithmetic.jsp]
> renew=false]]]
> Jul 26, 2006 5:43:07 PM edu.yale.its.tp.cas.client.filter.CASFilter
> doFilter
> SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException : Unable
> to validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://jenyangt43:8443/cas/proxyValidate]
> ticket=[ST-2-fkDbX0nmt14TIDaNubebidOybmHHL2nnmBi-20]
> service=[http%3A%2F%2Fjenyangt43%3A8080%2Fjsp-examples%2Fjsp2%2Fel%2Fbasic-arithmetic.jsp]
> renew=false]]]
>
> Thanks so much for your help!
> --Jennifer
>
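
One way to answer the question about the JVM's keystore directly, as an added example that is not part of the original thread or of the CAS client code: this Java program performs a TLS handshake using the JVM's default truststore, reports whether the server's certificate is trusted, and prints its MD5 fingerprint for comparison with the `keytool -list` output quoted above. The class name and the default host are placeholders; run it with the same JVM that runs Tomcat and pass the host and port from `casValidateUrl`.

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

public class CasTrustCheck {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Placeholder defaults; pass the host and port from casValidateUrl.
        String host = args.length > 0 ? args[0] : "cas.example.org";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;

        // Trust manager backed by the JVM default truststore (cacerts unless overridden).
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jvm = (X509TrustManager) tmf.getTrustManagers()[0];
        final X509Certificate[][] seen = new X509Certificate[1][];

        // Records the presented chain, then applies the JVM's normal verdict unchanged.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c;
                jvm.checkServerTrusted(c, t);
            }
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jvm.checkClientTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvm.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);

        String result = "trusted by this JVM";
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
        } catch (SSLException e) {
            result = "NOT trusted: " + e.getMessage();
        }
        System.out.println(host + ":" + port + " -> " + result);
        if (seen[0] != null) {  // compare with the fingerprint keytool -list prints
            System.out.println("Subject: " + seen[0][0].getSubjectX500Principal().getName());
            byte[] md5 = MessageDigest.getInstance("MD5").digest(seen[0][0].getEncoded());
            StringBuilder fp = new StringBuilder();
            for (byte b : md5) fp.append(fp.length() > 0 ? ":" : "").append(String.format("%02X", b));
            System.out.println("MD5 fingerprint: " + fp);
        }
    }
}
```

A "NOT trusted" result together with a fingerprint that matches the Tomcat key entry means the server is presenting the expected self-signed certificate, but that certificate is absent from the truststore the validating JVM reads.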