Redirection failed on successful CAS authentication
Scott Battaglia
scott.battaglia at gmail.com
Wed Feb 21 11:26:22 EST 2007
Your CN should be the same name as your server. So IT-2208, not IT2208 IT-2208
-Scott
On 2/21/07, k2g <kkganesan at gmail.com> wrote:
>
> Same certification validation error after successful keystore creation
> and import to cacerts
>
>
> C:\>C:\"Program Files"\Java\jdk1.5.0_11\bin\keytool -genkey -alias tomcat -keyalg RSA -validity 365
> Enter keystore password: changeit
> What is your first and last name?
> [Unknown]: IT-2208 IT-2208
> What is the name of your organizational unit?
> [Unknown]: talkerman
> What is the name of your organization?
> [Unknown]: talkerman
> What is the name of your City or Locality?
> [Unknown]: hills
> What is the name of your State or Province?
> [Unknown]: {A
> What is the two-letter country code for this unit?
> [Unknown]: US
> Is CN=IT-2208 IT-2208, OU=talkerman, O=talkerman, L=hills, ST={A, C=US
> correct?
> [no]: y
>
> Enter key password for <tomcat>
> (RETURN if same as keystore password):
>
> C:\>C:\"Program Files"\Java\jdk1.5.0_11\bin\keytool -export -alias tomcat -file server.crt
> Enter keystore password: changeit
> Certificate stored in file <server.crt>
>
> C:\>C:\"Program Files"\Java\jdk1.5.0_11\bin\keytool -import -file server.crt -keystore C:/"Program Files"/Java/jdk1.5.0_11/jre/lib/security/cacerts
> Enter keystore password: changeit
> Owner: CN=IT-2208 IT-2208, OU=talkerman, O=talkerman, L=hills, ST={A, C=US
> Issuer: CN=IT-2208 IT-2208, OU=talkerman, O=talkerman, L=hills, ST={A, C=US
> Serial number: 45dc6729
> Valid from: Wed Feb 21 10:37:13 EST 2007 until: Thu Feb 21 10:37:13 EST 2008
> Certificate fingerprints:
> MD5: 4F:7D:A0:F3:18:3B:6A:74:41:85:65:05:CD:0F:AF:AE
> SHA1: AD:5B:61:62:0C:D5:32:00:91:03:20:1A:77:4D:C2:AB:B2:7D:94:35
> Trust this certificate? [no]: y
> Certificate was added to keystore
>
> ==============================================================================================
>
> After this I changed the application-Security.xml
> casAuthenticationProvider bean key value as
>
> <property name="key" value="changeit"/>
>
> then
>
> tomcat connector config (in server.xml ) is now
>
> <Connector port="8443" maxHttpHeaderSize="8192"
>     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" scheme="https" secure="true"
>     clientAuth="false"
>     keystoreFile="C:\Documents and Settings\myname\.keystore"
>     keystorePass="changeit" sslProtocol="TLS" />
>
>
>
> deployed and started tomcat
>
> This is the log
>
> INFO [http-8443-Processor24] AuthenticationManagerImpl.authenticate(88) | AuthenticationHandler: org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully authenticated the user.
> INFO [http-8443-Processor24] CentralAuthenticationServiceImpl.grantServiceTicket(167) | Granted service ticket [ST-2-XJguyqMPCmiTVlUJ6tNbQMcYzFX6bKXWvew-20] for service [https://IT-2208:8443/myapp/j_acegi_cas_security_check] for user [admin]
> WARN [http-8443-Processor23] LoggerListener.onApplicationEvent(55) | Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: org.acegisecurity.ui.WebAuthenticationDetails@ffffc434: RemoteIpAddress: 10.22.2.148; SessionId: null; exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
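Added example (not part of the original thread): a check of the CN rule from the reply, using the Owner string that keytool printed and the service URL from the log as constructed inputs. The function names are hypothetical, and the comparison is an exact, case-insensitive match only; wildcard and subjectAltName handling are left out.

```python
from urllib.parse import urlsplit

# Constructed sample inputs, copied from the quoted keytool output and CAS log.
OWNER = "CN=IT-2208 IT-2208, OU=talkerman, O=talkerman, L=hills, ST={A, C=US"
SERVICE_URL = "https://IT-2208:8443/myapp/j_acegi_cas_security_check"


def split_dn(dn):
    """Split a keytool-style DN into (TYPE, value) pairs.

    Commas inside double quotes or preceded by a backslash do not
    separate components. Hex escapes (\\2C) are not decoded.
    """
    parts, buf, quoted, escaped = [], [], False, False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    pairs = []
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            pairs.append((key.strip().upper(), value.strip()))
    return pairs


def common_name(dn):
    """Return the first CN value in the DN, or None if there is none."""
    for key, value in split_dn(dn):
        if key == "CN":
            return value
    return None


def cn_matches_host(dn, url):
    """True when the certificate CN equals the host part of the URL."""
    host = urlsplit(url).hostname  # port stripped, lowercased
    cn = common_name(dn)
    return cn is not None and host is not None and cn.lower() == host.lower()
```

Answering the "first and last name" prompt with the server name alone gives an Owner of `CN=IT-2208, ...`, which this check accepts for the service URL above.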