JBoss CAS problem
Scott Battaglia
scott_battaglia at rutgers.edu
Wed Aug 16 22:39:37 EDT 2006
Alex,
Were you able to get this working? I've always updated the JVM cacerts
file, but then I generally use Tomcat. If you were able to get it to work,
can you provide us with information for JBoss so we can update that
documentation?
Thanks
-Scott
Scott Battaglia
Application Developer, Architecture & Engineering Team
Enterprise Systems and Services, Rutgers University
v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu
Alex Dorandish wrote:
> Hi Scott,
>
> I am using the jboss guidelines:
> http://wiki.jboss.org/wiki/Wiki.jsp?page=SSLSetup
>
> In that guideline the keystore is saved in a file called
> server.keystore and placed in the server/default/conf of the jboss.
> But if I do as you said I get the following error
>
> C:\Program Files\Java\jdk1.5.0_07\bin>keytool -import -file server.crt -keypass changeit -keystore "C:\Program Files\Java\jdk1.5.0_07\jre\lib\security\cacerts"
> Enter keystore password: v23ui95n
> keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
>
> Cheers,
>
> Alex
>
> On 8/12/06, Scott Battaglia <scott_battaglia at rutgers.edu> wrote:
>
> You need to add your certificate to your JVM's local cacerts file
> (generally, JAVA_HOME\jre\lib\security\cacerts)
>
> Check out: http://www.ja-sig.org/products/cas/server/ssl/index.html
>
> -Scott
>
> Scott Battaglia
> Application Developer, Architecture & Engineering Team
> Enterprise Systems and Services, Rutgers University
> v: 732.445.0097 | f: 732.445.5493 | scott_battaglia at rutgers.edu
>
>
>
> Alex Dorandish wrote:
> > Hi All,
> >
> > I have tried to get sample cas running for two sample web applications.
> > Steps I took:
> >
> > 1. I created SSL certificate and added to JBoss.
> > 2. Deployed CAS on the jboss server (ver 4.0.4)
> > 3. Created two sample web applications with one public page and one
> > secured page each.
> > 4. Changed both web applications' web.xml and added
> >
> > <filter>
> >   <filter-name>CAS Filter</filter-name>
> >   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> >     <param-value>https://localhost:8443/cas/login</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> >     <param-value>https://localhost:8443/cas/serviceValidate</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
> >     <param-value>localhost:8080</param-value>
> >   </init-param>
> > </filter>
> > <filter-mapping>
> >   <filter-name>CAS Filter</filter-name>
> >   <url-pattern>/private/*</url-pattern>
> > </filter-mapping>
> >
> > What happens is it gets redirected to login page. It logs in
> > successfully but it throws the following exception:
> >
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[ https://localhost:8443/cas/serviceValidate]
> > ticket=[ST-2-5qgpLLMsFNRu2d25L2eBoNCwQMmeVZJzIeq-20]
> > service=[http%3A%2F%2Flocalhost%3A8080%2FSampleCas%2Fprivate%2Findex.jsp]
> > renew=false]]]
> >     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> >     at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >     at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:175)
> >     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >     at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
> >     at java.lang.Thread.run(Unknown Source)
> > Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> >     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> >     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
> >     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
> >     at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:36)
> >     at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
> >     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> >     ... 20 more
> > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >     at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >     at sun.security.validator.Validator.validate(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
> >     ... 35 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> >     at java.security.cert.CertPathBuilder.build(Unknown Source)
> >     ... 40 more
> >
> > Any reasons why?
> >
> > Cheers,
> >
> > Alex
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
>
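The trust decision behind the `PKIX path building failed` error in this thread, as an added example that is not part of the original messages and is not CAS or JBoss code: it loads a truststore, attempts a TLS handshake against the CAS server using only that store, and prints the SHA-256 fingerprints of the presented chain so the certificate can be verified before it is imported. The class name `TrustCheck` and its command-line arguments are assumptions; it needs Java 7 or later and does not check the hostname.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic (hypothetical class name and arguments), not CAS or JBoss code.
// Usage: java TrustCheck localhost 8443 <path-to-truststore> <store-password>
public class TrustCheck {
    public static void main(String[] a) throws Exception {
        // A wrong store password makes load() throw IOException, the error keytool reported above.
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(a[2])) {
            ts.load(in, a[3].toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        final X509TrustManager real = (X509TrustManager) tmf.getTrustManagers()[0];

        // Record the chain the server presents, then delegate so validation is unchanged.
        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException { real.checkClientTrusted(c, t); }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c; real.checkServerTrusted(c, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return real.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);

        // Only this truststore is consulted; hostname matching is not tested here.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(a[0], Integer.parseInt(a[1]))) {
            s.startHandshake();
            System.out.println("TRUSTED: chain validates against " + a[2]);
        } catch (SSLHandshakeException e) {
            System.out.println("NOT TRUSTED: " + e.getMessage());
        }
        // Print what was presented so it can be compared with the certificate you expect.
        if (seen[0] != null) for (X509Certificate c : seen[0]) {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : d) hex.append(String.format("%02X:", b));
            System.out.println("subject=" + c.getSubjectX500Principal() + " issuer=" + c.getIssuerX500Principal());
            System.out.println("sha256=" + hex.substring(0, hex.length() - 1));
        }
    }
}
```

Run it with the JVM that hosts the CAS client filter: that JVM's truststore, not the server's `server.keystore`, is what the validation call consults.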