JBoss CAS problem

[Alex Dorandish]

Hi All,

I have tried to get sample cas running for two sample web application. Steps
I took:

1. I created SSL certificate and added to JBoss.
2. Deployed CAS on the jboss server (ver 4.0.4)
3. Created two sample web application with one public page and one secured
page each.
4. Changed both web applications web.xml and added

        <filter>
                <filter-name>CAS Filter</filter-name>
                <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter
</filter-class>
                <init-param>
                        <param-name>
edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
                        <param-value>https://localhost:8443/cas/login
</param-value>
                </init-param>
                <init-param>
                        <param-name>
edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
                        <param-value>
https://localhost:8443/cas/serviceValidate</param-value>
                </init-param>
                <init-param>
                        <param-name>
edu.yale.its.tp.cas.client.filter.serverName</param-name>
                        <param-value>localhost:8080</param-value>
                </init-param>
        </filter>
        <filter-mapping>
            <filter-name>CAS Filter</filter-name>
            <url-pattern>/private/*</url-pattern>
        </filter-mapping>

What happens is it gets redirected to loging page. It logins successfully
but it throughs the following exception:

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [
edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://localhost:8443/cas/serviceValidate]
ticket=[ST-2-5qgpLLMsFNRu2d25L2eBoNCwQMmeVZJzIeq-20]
service=[http%3A%2F%2Flocalhost%3A8080%2FSampleCas%2Fprivate%2Findex.jsp]
renew=false]]]
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java
:52)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(
CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(
CASFilter.java:378)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:173)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(
ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
ApplicationFilterChain.java:202)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(
ApplicationFilterChain.java:173)
        at org.apache.catalina.core.StandardWrapperValve.invoke(
StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(
StandardContextValve.java:178)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(
SecurityAssociationValve.java:175)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(
JaccContextValve.java:74)
        at org.apache.catalina.core.StandardHostValve.invoke(
StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(
ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(
StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(
CoyoteAdapter.java:148)
        at org.apache.coyote.http11.Http11Processor.process(
Http11Processor.java:869)
        at
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection
(Http11BaseProtocol.java:664)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
PoolTcpEndpoint.java:527)
        at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(
MasterSlaveWorkerThread.java:112)
        at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
        at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
Source)
        at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:36)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(
ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java
:50)
        ... 20 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown
Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
        at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
Source)
        ... 35 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
        at java.security.cert.CertPathBuilder.build(Unknown Source)
        ... 40 more

Any reasons why?

Cheers,

Alex
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20060812/1c24ebca/attachment.html