To configure client to access CAS Filter

Manisha Satija manishasatija at gmail.com
Thu Oct 12 10:06:53 EDT 2006


Hi,
   Can I set some attribute in the session in CAS?
   If yes, how?


On 9/29/06, zheng.guozhu <zhenggz at gmail.com> wrote:
>
> Manisha,
>
> This is because the CAS filter requests the validation information through an SSL
> channel. It works when you deploy both the CAS server and filter because
> they are using the same JVM with the same certification keystore. If the CAS
> filter is deployed on another server with a different JVM, you must export
> the certification file from the server and import it into the filter server.
> There may be a Wiki page with a manual; please check it.
>
> Zheng Guozhu
>
>  On 9/29/06, Manisha Satija <manishasatija at gmail.com> wrote:
>
> >  Hi,
> > When I deploy CAS and the sample application on the same server it works
> > fine, but when I deployed them on two different servers it gives me the CAS
> > login screen, but after login I get an exception:
> >
> > SEVERE: Servlet.service() for servlet HelloServlet threw exception
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException : unable to
> > find valid certification path to requested target
> >  at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
> > Source)
> >  at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
> > Source)
> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (Unknown
> > Source)
> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> > Source)
> >  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> > Source)
> >  at sun.net.www.protocol.https.HttpsClient.afterConnect (Unknown Source)
> >  at
> > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> > Source)
> >  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
> > Source)
> >  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
> >  at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >  at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(
> > ServiceTicketValidator.java:212)
> >  at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser (
> > CASFilter.java:100)
> >  at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java
> > :73)
> >  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(
> > ApplicationFilterChain.java:186)
> >  at org.apache.catalina.core.ApplicationFilterChain.doFilter (
> > ApplicationFilterChain.java:157)
> >  at org.apache.catalina.core.StandardWrapperValve.invoke(
> > StandardWrapperValve.java:214)
> >  at org.apache.catalina.core.StandardContextValve.invoke(
> > StandardContextValve.java:178)
> >  at org.apache.catalina.core.StandardHostValve.invoke(
> > StandardHostValve.java:126)
> >  at org.apache.catalina.valves.ErrorReportValve.invoke(
> > ErrorReportValve.java:105)
> >  at org.apache.catalina.core.StandardEngineValve.invoke (
> > StandardEngineValve.java:107)
> >  at org.apache.catalina.connector.CoyoteAdapter.service(
> > CoyoteAdapter.java:148)
> >  at org.apache.coyote.http11.Http11Processor.process(
> > Http11Processor.java:825)
> >  at
> > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(
> > Http11Protocol.java:731)
> >  at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(
> > PoolTcpEndpoint.java:526)
> >  at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(
> > LeaderFollowerWorkerThread.java:80)
> >  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(
> > ThreadPool.java:684)
> >  at java.lang.Thread.run(Unknown Source)
> > Caused by: sun.security.validator.ValidatorException: PKIX path building
> > failed: sun.security.provider.certpath.SunCertPathBuilderException :
> > unable to find valid certification path to requested target
> >  at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >  at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >  at sun.security.validator.Validator.validate (Unknown Source)
> >  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
> > Source)
> >  at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
> > Source)
> >  ... 29 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> > unable to find valid certification path to requested target
> >  at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> > Source)
> >  at java.security.cert.CertPathBuilder.build (Unknown Source)
> >  ... 34 more
> >
> > Thank You
> >
> > Regards,
> > Manisha
> >
> >  On 9/28/06, Scott Battaglia < scott.battaglia at gmail.com> wrote:
> >
> > > You'll want to configure the new application similar to the current
> > > application such that when you attempt to access /sample it will redirect
> > > you to CAS which will recognize the existing SSO session.
> > >
> > > -Scott
> > >
> > >  On 9/28/06, Manisha Satija < manishasatija at gmail.com> wrote:
> > >
> > > >  Hi,
> > > > >     I have deployed CAS and the portal application on a server, and in
> > > > > the web.xml file of the portal I have given the entries below:
> > > >
> > > > >   <filter>
> > > > >     <filter-name>CAS Filter</filter-name>
> > > > >     <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
> > > > >     <init-param>
> > > > >       <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> > > > >       <param-value>https://portalserver:8443/cas/login</param-value>
> > > > >     </init-param>
> > > > >     <init-param>
> > > > >       <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> > > > >       <param-value>https://portalserver:8443/cas/proxyValidate</param-value>
> > > > >     </init-param>
> > > > >     <init-param>
> > > > >       <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
> > > > >       <param-value>http://portalserver:8080/casSample/index.jsp</param-value>
> > > > >     </init-param>
> > > > >   </filter>
> > > > >
> > > > >   <filter-mapping>
> > > > >     <filter-name>CAS Filter</filter-name>
> > > > >     <url-pattern>/*</url-pattern>
> > > > >   </filter-mapping>
> > > >
> > > >     <servlet>
> > > >         <servlet-name>HelloServlet</servlet-name>
> > > >         <servlet-class>mypackage.Hello</servlet-class>
> > > >     </servlet>
> > > >
> > > >     <servlet-mapping>
> > > >         <servlet-name>HelloServlet</servlet-name>
> > > >         <url-pattern>/hello</url-pattern>
> > > >     </servlet-mapping>
> > > >
> > > >
> > > > > It's working fine: when I hit the URL of the portal it gives me the CAS
> > > > > login page, and after authentication I log into the portal index page.
> > > > >
> > > > > In the index page I have given the link to a sample application which is
> > > > > stored on another server, say clientserver. I want that when I hit the link,
> > > > > say http://clientserver:8080/sample,
> > > > > I should be allowed to access the application
> > > > > without reauthentication but with a ticket, so that I can access the user in
> > > > > clientserver and their session within the two servers should be the same.
> > > > > But if I hit the URL http://clientserver:8080/sample through the
> > > > > address bar without logging into portalserver, I should be redirected to the
> > > > > CAS login page for authentication.
> > > > >
> > > > > So can you suggest me any solution for it, and also what the entries
> > > > > will be in the web.xml of the sample application on clientserver?
> > > >
> > > > Thank You in advance.
> > > >
> > > > Regards,
> > > > Manisha
> > > >
> > > >  On 9/27/06, Manisha Satija <manishasatija at gmail.com > wrote:
> > > > >
> > > > > > No, it's proxyValidate.
> > > > >
> > > > > On 9/27/06, Frank Taffelt < frank.taffelt at interface-business.de>
> > > > > wrote:
> > > > > >
> > > > > > > MMS21 wrote:
> > > > > > > > <init-param>
> > > > > > > >   <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> > > > > > > >   <param-value>https://server:8443/cas/proxyValidate</param-value>
> > > > > > > > </init-param>
> > > > > > >
> > > > > > > Are you sure that you don't mean https://server:8443/cas/serviceValidate
> > > > > > > instead of https://server:8443/cas/proxyValidate?
> > > > > >
> > > > > > Frank
> > > > > >
> > > > > > _______________________________________________
> > > > > > Yale CAS mailing list
> > > > > > cas at tp.its.yale.edu
> > > > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > > > >
> > > > >
> > > > >
> > > >
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > cas at tp.its.yale.edu
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
> > > >
> > > >
> > > >
> > >
> > > _______________________________________________
> > > Yale CAS mailing list
> > > cas at tp.its.yale.edu
> > > http://tp.its.yale.edu/mailman/listinfo/cas
> > >
> > >
> > >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
>
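
The fix described in the quoted reply above (export the CAS server's certificate and import it into the trust store of the JVM running the CAS filter), sketched with `keytool` as an added example that is not part of the original thread. The alias names, password and file names are assumptions, and the keystores are throwaway ones built in a temp directory.

```shell
#!/bin/sh
# Added example: constructed keystores; aliases, password and file names
# are assumptions, not values from the thread.
set -eu

PASS=changeit   # assumed demo password

# SHA-256 fingerprint of a certificate file (PEM or DER).
cert_fingerprint() {
    keytool -printcert -file "$1" | sed -n 's/.*SHA256: *//p' | head -n 1
}

# SHA-256 fingerprint of one alias inside a keystore.
alias_fingerprint() {  # $1=keystore $2=alias
    keytool -list -v -keystore "$1" -storepass "$PASS" -alias "$2" |
        sed -n 's/.*SHA256: *//p' | head -n 1
}

# Step 1 (CAS server): export only the public certificate, never the key.
export_cas_cert() {  # $1=server keystore $2=alias $3=output file
    keytool -exportcert -rfc -keystore "$1" -storepass "$PASS" -alias "$2" -file "$3"
}

# Step 2 (filter server): refuse the file unless its fingerprint matches the
# one read on the CAS server, then import it as a trusted certificate.
import_trusted_cert() {  # $1=truststore $2=alias $3=cert $4=expected fingerprint
    [ "$(cert_fingerprint "$3")" = "$4" ] || { echo "fingerprint mismatch" >&2; return 1; }
    keytool -importcert -noprompt -keystore "$1" -storepass "$PASS" -alias "$2" -file "$3"
}

# Constructed end-to-end run: self-signed "CAS server" key, export, import.
demo() {
    dir=$(mktemp -d)
    keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=portalserver" -keystore "$dir/server.jks" \
        -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1
    expected=$(alias_fingerprint "$dir/server.jks" tomcat)
    export_cas_cert "$dir/server.jks" tomcat "$dir/cas.crt" >/dev/null 2>&1
    import_trusted_cert "$dir/client-trust.jks" cas-server "$dir/cas.crt" "$expected" >/dev/null 2>&1
    imported=$(alias_fingerprint "$dir/client-trust.jks" cas-server)
    rm -rf "$dir"
    [ -n "$expected" ] && [ "$imported" = "$expected" ]
}

demo && echo "client trust store now holds the CAS server certificate"
```

On a real filter server the import target is the trust store that JVM actually reads: its `cacerts` file, or the file named by `-Djavax.net.ssl.trustStore`. The certificate's CN also has to match the host name used in `validateUrl`, or the handshake fails on hostname verification instead.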