Acegi and CAS running under Apache+Tomcat

Scott Battaglia scott.battaglia at gmail.com
Wed Sep 6 14:19:06 EDT 2006


Peter,

We run Acegi behind Apache+Tomcat here.  We always make sure any self-signed
certificates are added to our JVM's cacerts file and never have an issue.

-Scott

On 9/6/06, Giesin, Peter (NBC Universal) <Peter.Giesin at nbcuni.com> wrote:
>
> I am trying to migrate a sample Acegi/CAS running under Tomcat to use
> Apache+Tomcat. I am trying to move the SSL from Tomcat to Apache. During the
> Tomcat installation I had to specify the "trustStore" attribute as part of
> my Acegi configuration. As part of the migration I changed this to point to
> the apache cert file. This caused the following error:
>
> [CODE]11:37:54,421  WARN LoggerListener:55 - Authentication event
> AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details:
> org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress:
> 3.44.115.136; SessionId: 3D1A7E8EC3BC4CC2DE330D3CB0D4DC4D; exception:
> Default SSL context init failed: Invalid keystore format
> [/CODE]
>
> I then commented this attribute out and am receiving the following error:
>
> [CODE]11:51:45,356  WARN LoggerListener:55 - Authentication event
> AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details:
> org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress:
> 3.44.115.136; SessionId: 3FFC95ACF58DCB9EDDE8B693CFD1005B; exception:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
> [/CODE]
>
> The problem that I am seeing is that the secure request is redirected to
> CAS where it is successfully authenticated. During the redirect back to the
> app I always get unsuccessful authentication:
>
> [CODE]Authentication object as a String:
> org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken@905571d8:
> Username: anonymousUser; Password: [PROTECTED]; Authenticated: true;
> Details: org.acegisecurity.ui.WebAuthenticationDetails@0: RemoteIpAddress:
> 3.44.115.136; SessionId: 3FFC95ACF58DCB9EDDE8B693CFD1005B; Granted
> Authorities: ROLE_ANONYMOUS
> [/CODE]
>
> Has anyone managed to move an Acegi app behind Apache+Tomcat and
> successfully integrate with CAS?
>
> I have included the complete log files and configuration files if they are
> helpful.
>
> Thanks in advance,
> Pete
>
> <<cas.zip>>
>
>
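
The approach described in the reply (trusting the certificate through a JVM trust store rather than pointing "trustStore" at the Apache PEM file, which is not a keystore) can be done with a small Java program. This is an added example and not part of either message; the class name ImportCasCert, the alias "cas-server" and the command-line arguments are assumptions.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Hypothetical helper: imports one X.509 certificate into a JKS trust store.
public class ImportCasCert {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: ImportCasCert <cert.pem> <truststore.jks> <password>");
            System.exit(2);
        }
        Path pem = Paths.get(args[0]);      // certificate file used by Apache (PEM or DER)
        Path store = Paths.get(args[1]);    // trust store to create or update
        char[] password = args[2].toCharArray();

        // Parse the certificate. A PEM file is plain text, which is why the JVM
        // rejects it when it is configured directly as a trust store.
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(pem)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // Do not add a certificate that is expired or not yet valid.
        cert.checkValidity();

        // Load the existing trust store so current entries are kept,
        // or initialise an empty one if the file does not exist yet.
        KeyStore ks = KeyStore.getInstance("JKS");
        if (Files.exists(store)) {
            try (InputStream in = Files.newInputStream(store)) {
                ks.load(in, password);
            }
        } else {
            ks.load(null, password);
        }

        // A certificate entry (no private key) marks the certificate as trusted.
        ks.setCertificateEntry("cas-server", cert);
        try (OutputStream out = Files.newOutputStream(store)) {
            ks.store(out, password);
        }
        System.out.println("Trusted " + cert.getSubjectX500Principal() + " in " + store);
    }
}
```

The resulting file can be supplied to the JVM through the standard javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword system properties, or the same import can be made into the JVM's cacerts file as the reply describes.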