Acegi and CAS running under Apache+Tomcat

Giesin, Peter (NBC Universal) Peter.Giesin at nbcuni.com
Wed Sep 6 14:08:48 EDT 2006 

I am trying to migrate a sample Acegi/CAS running under Tomcat to use Apache+Tomcat. I am trying to move the SSL from Tomcat to Apache. During the Tomcat installation I had to specify the "trustStore" attribute as part of my Acegi configuration. As part of the migration I changed this to point to the apache cert file. This caused the following error:

[CODE]11:37:54,421  WARN LoggerListener:55 - Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: org.acegisecurity.ui.WebAuthenticationDetails at 0: RemoteIpAddress: 3.44.115.136; SessionId: 3D1A7E8EC3BC4CC2DE330D3CB0D4DC4D; exception: Default SSL context init failed: Invalid keystore format
[/CODE]

I then commented this attribute out and am receiving the following error:

[CODE]11:51:45,356  WARN LoggerListener:55 - Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: org.acegisecurity.ui.WebAuthenticationDetails at 0: RemoteIpAddress: 3.44.115.136; SessionId: 3FFC95ACF58DCB9EDDE8B693CFD1005B; exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
[/CODE]

The problem that I am seeing is that the secure request is redirected to CAS where it is successfully authenticated. During the redirect back to the app I always get unsuccessful authentication:

[CODE]Authentication object as a String: org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken at 905571d8: Username: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.acegisecurity.ui.WebAuthenticationDetails at 0: RemoteIpAddress: 3.44.115.136; SessionId: 3FFC95ACF58DCB9EDDE8B693CFD1005B; Granted Authorities: ROLE_ANONYMOUS
[/CODE]

Has anyone managed to move an Acegi app behind Apache+Tomcat and successfully integrate with CAS?

I have included the complete log files and configuration files if they are helpful.

Thanks in advance,
Pete

 <<cas.zip>> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: cas.zip
Type: application/x-zip-compressed
Size: 9929 bytes
Desc: cas.zip
Url : http://tp.its.yale.edu/pipermail/cas/attachments/20060906/58ce95e7/cas.bin

More information about the cas mailing list