Redirection failed on successful CAS authentication

Scott Battaglia scott.battaglia at gmail.com
Tue Feb 20 22:29:58 EST 2007 

It looks like your certificate is not in your JVM cacerts file.  This should
add it to your cacerts file:

%JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit
-keystore %JAVA_HOME%/jre/lib/security/cacerts

replacing server.crt with the actual file holding your certificate.

-Scott



On 2/20/07, k2g <kkganesan at gmail.com> wrote:
>
> Service app was built using webwork, spring, hibernate ....
>
> I am using Acegi Security 1.0.3 and JA-SIG CAS 3.0.4 server
>
> In the service app,
> The redirection to cas login page works when i type in the service app
> url.
> I am getting authenticated successfully from cas server login (see the
> log below) and also being granted service ticket. But after that i am
> getting redirected to casfailed.jsp in the service app, i get the
> following error shown below.
>
>
> log:
> INFO [http-8443-Processor25]
> AuthenticationManagerImpl.authenticate(88) | AuthenticationHandler:
> org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully
> authenticated the user.
> INFO [http-8443-Processor25]
> CentralAuthenticationServiceImpl.grantServiceTicket(167) | Granted
> service ticket [ST-2-dddSXAi3Rv6yBNlQYNFCIrClYZ5OdkJJoFb-20] for
> service [https://localhost:8443/myapp/j_acegi_cas_security_check] for
> user [admin]
> WARN [http-8443-Processor24] LoggerListener.onApplicationEvent(55) |
> Authentication event AuthenticationFailureServiceExceptionEvent:
> _cas_stateful_; details:
> org.acegisecurity.ui.WebAuthenticationDetails at ffffc434:
> RemoteIpAddress: 10.22.2.148; SessionId: null; exception:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> ERROR [http-8443-Processor25] [jsp].invoke(253) | Servlet.service()
> for servlet jsp threw exception
> org.apache.jasper.JasperException: The absolute uri:
> http://java.sun.com/jstl/core cannot be resolved in either web.xml or
> the jar files deployed with this application at
> org.apache.jasper.compiler.DefaultErrorHandler.jsp
>
> Couple of observations from the log,
>
> 1. In the browser the following error was thrown (after successful
> authentication from cas):
>
> While processing request " /casfailed.jsp ", the application
> encountered the following internal error condition:
> org.apache.jasper.JasperException: The absolute uri:
> http://java.sun.com/jstl/core cannot be resolved in either web.xml or
> the jar files deployed with this application
>
>
> My applicationContext.xml defn for authentication failureurl
>
> <bean id="casProcessingFilter"
> class="org.acegisecurity.ui.cas.CasProcessingFilter">
>         <property name="authenticationManager"
> ref="authenticationManager"/>
>         <property name="authenticationFailureUrl" value="/casfailed.jsp"/>
>         <property name="defaultTargetUrl" value="/"/>
>         <property name="filterProcessesUrl"
> value="/j_acegi_cas_security_check"/>
> </bean>
>
>
> In web.xml i have the following definition for casfailed.jsp ( its
> necessary to declare error-page as i am using webwork)
> <error-page>
>         <error-code>404</error-code>
>         <location>/casfailed.jsp</location>
> </error-page>
>
> looks like i goofed up with error-page declaration..
> ==============================
> 2. SSL issue warning
>
> With regard to the warning, i got to know from here,
> http://www.ja-sig.org/products/cas/server/ssl/index.html
> that its because hostname is not mentioned while configuring the certs.
>
> Well i could able to execute every command listed on the link except
> the last two,
> %JAVA_HOME%\bin\keytool -import -file server.crt -keypass mypass
> -keystore %JAVA_HOME%/jre/lib/security/cacerts
>
> %JAVA_HOME%\bin\keytool -import -file server.crt -keypass mypass
>
> i was always getting keytool help usage returned in the command prompt
> (also tried backslash \ to the path). Using java 1.5.0_09 on windows
> xp
>
>
> Thanks.
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070220/c19ddbed/attachment.html

More information about the cas mailing list