JBoss CAS problem
Alex Dorandish
alexdorand at gmail.com
Sat Aug 12 23:59:49 EDT 2006
Hi Scott,
I am using the JBoss guidelines:
http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup
In that guideline the keystore is saved in a file called
server.keystore and placed in the server/default/conf of the JBoss. But
if I do as you said
I get the following error:
C:\Program Files\Java\jdk1.5.0_07\bin>keytool -import -file server.crt -keypass changeit -keystore "C:\Program Files\Java\jdk1.5.0_07\jre\lib\security\cacerts"
Enter keystore password: v23ui95n
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
Cheers,
Alex
On 8/12/06, Scott Battaglia <scott_battaglia at rutgers.edu> wrote:
>
> You need to add your certificate to your JVM's local cacerts file
> (generally, JAVA_HOME\jre\lib\security\cacerts)
>
> Check out: http://www.ja-sig.org/products/cas/server/ssl/index.html
>
> -Scott
>
> Scott Battaglia
> Application Developer, Architecture & Engineering Team
> Enterprise Systems and Services, Rutgers University
> v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu
>
>
>
> Alex Dorandish wrote:
> > Hi All,
> >
> > I have tried to get sample CAS running for two sample web applications.
> > Steps I took:
> >
> > 1. I created an SSL certificate and added it to JBoss.
> > 2. Deployed CAS on the JBoss server (ver 4.0.4)
> > 3. Created two sample web applications with one public page and one
> > secured page each.
> > 4. Changed both web applications' web.xml and added
> >
> > <filter>
> >   <filter-name>CAS Filter</filter-name>
> >   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> >     <param-value>https://localhost:8443/cas/login</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> >     <param-value>https://localhost:8443/cas/serviceValidate</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
> >     <param-value>localhost:8080</param-value>
> >   </init-param>
> > </filter>
> > <filter-mapping>
> >   <filter-name>CAS Filter</filter-name>
> >   <url-pattern>/private/*</url-pattern>
> > </filter-mapping>
> >
> > What happens is it gets redirected to the login page. It logs in
> > successfully but it throws the following exception:
> >
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate] ticket=[ST-2-5qgpLLMsFNRu2d25L2eBoNCwQMmeVZJzIeq-20] service=[http%3A%2F%2Flocalhost%3A8080%2FSampleCas%2Fprivate%2Findex.jsp] renew=false]]]
> >     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> >     at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
> >     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >     at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
> >     at java.lang.Thread.run(Unknown Source)
> > Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> >     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> >     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
> >     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
> >     at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:36)
> >     at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
> >     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> >     ... 20 more
> > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >     at sun.security.validator.Validator.validate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> >     ... 35 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> >     at java.security.cert.CertPathBuilder.build(Unknown Source)
> >     ... 40 more
> >
> > Any reasons why?
> >
> > Cheers,
> >
> > Alex
> > ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
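Added example, not part of the original thread or of the CAS or JBoss code: a small Java check of the two conditions this thread turns on, that the truststore opens with the store password given (a wrong one raises the IOException that keytool reported above) and that the server certificate is an entry in it (for a self-signed certificate, its absence is what PKIX path building fails on). The class name TrustStoreCheck and its three command-line arguments are hypothetical, and the code needs Java 7 or later rather than the JDK 1.5 used in the thread.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example (hypothetical class): reports whether a certificate file is
// already a trusted entry in a truststore such as jre/lib/security/cacerts.
public class TrustStoreCheck {

    // Colon-separated SHA-256 fingerprint, to compare against the server's
    // certificate before deciding to trust it.
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java TrustStoreCheck <truststore> <storepass> <cert-file>");
            System.exit(2);
        }
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            // load() verifies the store password; a wrong one fails with an IOException.
            trust.load(in, args[1].toCharArray());
        } catch (IOException e) {
            System.err.println("Cannot open " + args[0] + ": " + e.getMessage());
            System.exit(1);
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + cert.getSubjectX500Principal().getName());
        System.out.println("SHA-256: " + fingerprint(cert));
        // getCertificateAlias returns null when no entry holds this exact certificate.
        String alias = trust.getCertificateAlias(cert);
        System.out.println(alias != null
            ? "Trusted under alias '" + alias + "'"
            : "Not in truststore (a self-signed server certificate will fail PKIX path building)");
    }
}
```

A JDK's stock cacerts file ships with the store password changeit unless it has been changed; in keytool, -storepass is the keystore password and -keypass is the password of a private-key entry.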