[cas-dev] edu.yale.its.tp.cas.client.CASAuthenticationException
Andrew R Feller
afelle1 at lsu.edu
Mon Jun 16 08:39:09 EDT 2008
Smita,
http://www.ja-sig.org/products/cas/server/ssl/index.html
Basically, you don't have SSL setup properly. I take it you are using
keystores? If you are new to keystores or do not want to deal with
them, Tomcat has an Apache Portable Runtime connector that handles SSL
in the same way that the Apache HTTP server does. For more information,
you can check out the following links:
http://tomcat.apache.org/tomcat-6.0-doc/apr.html
http://www.nabble.com/RE%3A--cas-dev--keytool-needed---to17103709.html#a
17103709
HTH,
Andrew R Feller, Analyst
University Information Systems
200 Fred Frey Building
Louisiana State University <http://www.lsu.edu/>
Baton Rouge, LA, 70803
(225) 578-3737 (Office)
(225) 578-6400 (Fax)
________________________________
From: cas-dev-bounces at tp.its.yale.edu
[mailto:cas-dev-bounces at tp.its.yale.edu] On Behalf Of Smita Vithal
Kharkar
Sent: Monday, June 16, 2008 7:18 AM
To: cas-dev at tp.its.yale.edu; Scott Battaglia
Subject: [cas-dev] edu.yale.its.tp.cas.client.CASAuthenticationException
Hi,
I am getting following error, can anybody please suggest solution to
this problem?
I am trying to use CAS with a J2EE appli...
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://punitp52612d:8443/cas-server-webapp-3.2.1/servic
eValidate] ticket=[ST-22-4q2u06Aa9aI5fcscMPyS-cas]
service=[http%3A%2F%2Fpunitp76008d%3A8080%2Fehr%2Findex.jsf]
renew=false]]]
at
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
at
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt
er.java:455)
at
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:173)
at
com.infosys.ehr.web.filter.SessionExpiryCheckFilter.doFilter(SessionExpi
ryCheckFilter.java:82)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilte
r.java:81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv
e.java:178)
at
org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipa
lValve.java:39)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAs
sociationValve.java:159)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.j
ava:59)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java
:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1
48)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:85
6)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC
onnection(Http11Protocol.java:744)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint
.java:527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorker
Thread.java:112)
at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476
)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:847)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHands
haker.java:106)
at
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:4
33)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java
:815)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSo
cketImpl.java:1025)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.
java:1038)
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402
)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab
stractDelegateHttpsURLConnection.java:170)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnec
tion.java:913)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsUR
LConnectionImpl.java:234)
at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
at
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicket
Validator.java:212)
at
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
... 24 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:1
45)
at sun.security.validator.Validator.validate(Validator.java:203)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X50
9TrustManagerImpl.java:172)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSL
ContextImpl.java:320)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa
ndshaker.java:840)
... 37 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPat
hBuilder.java:236)
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
... 42 more
---
Regards,
Smita
In matters of conscience, the law of majority has no place.
**************** CAUTION - Disclaimer *****************
This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended
solely
for the use of the addressee(s). If you are not the intended recipient,
please
notify the sender by e-mail and delete the original message. Further,
you are not
to copy, disclose, or distribute this e-mail or its contents to any
other person and
any such actions are unlawful. This e-mail may contain viruses. Infosys
has taken
every reasonable precaution to minimize this risk, but is not liable for
any damage
you may sustain as a result of any virus in this e-mail. You should
carry out your
own virus checks before opening the e-mail or attachment. Infosys
reserves the
right to monitor and review the content of all messages sent to or from
this e-mail
address. Messages sent to or from this e-mail address may be stored on
the
Infosys e-mail system.
***INFOSYS******** End of Disclaimer ********INFOSYS***
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas-dev/attachments/20080616/a7d4925f/attachment-0001.html
More information about the cas-dev
mailing list