cas-server V3 and generic https certificate
Vincent MATHIEU
vincent.mathieu at univ-nancy2.fr
Mon Jan 8 15:53:38 EST 2007
Hello,
We used cas-server V2 for several years, and we would like to migrate
towards cas-server V3.
cas-server V3 works correctly for authenticating (via LDAP), but
doesn't work in CAS proxy mode.
Here is a log (catalina.out) from the cas V3 server:
2007-01-08 21:25:22,248 INFO
[org.jasig.cas.authentication.AuthenticationManagerImpl] -
<AuthenticationHandler:
org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler
successfully authenticated the user which provided the following
credentials: vmathieu>
2007-01-08 21:25:22,279 INFO
[org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service
ticket [ST-2-bjB6dheW1LDH0Fl2fXvYjTqYDlEbD50L1mk-20] for service
[http://esupdev1.univ-nancy2.fr/package/Login] for user [vmathieu]>
2007-01-08 21:25:26,974 ERROR
[org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler]
- <javax.net.ssl.SSLPeerUnverifiedException: HTTPS hostname invalid:
expected 'esupdev1.univ-nancy2.fr', received '*.univ-nancy2.fr'>
javax.net.ssl.SSLPeerUnverifiedException: HTTPS hostname invalid:
expected 'esupdev1.univ-nancy2.fr', received '*.univ-nancy2.fr' at
org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname
(StrictSSLProtocolSocketFactory.java:303)
We use a 'generic' SSL certificate for our HTTPS server:
CN=*.univ-nancy2.fr (and not CN=auth.univ-nancy2.fr).
The problem seems to come from.
CAS server V2 works correctly with the same certificates.
Is there a simple solution to treat the problem, or do I have to patch
the code?
Thanks
Vincent
--
Vincent MATHIEU
Université Nancy 2 - CRI
Systems and networks team
tel: 03 54 50 36 56
contact details: http://www.univ-nancy2.fr/ANNUAIRE/PERS/detail_pres.php?uid=vmathieu
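
The error in the log above is what a literal string comparison between the requested host and the certificate CN produces. The following is an added example, not part of the original message and not code from CAS or HttpClient, contrasting that literal check with a wildcard-aware check that still refuses over-broad matches. The class and method names are hypothetical, and all hostnames other than the two quoted in the log are constructed.

```java
import java.util.Locale;

// Added illustration; class and method names are hypothetical.
public class WildcardHostnameCheck {

    // Literal comparison: the behaviour consistent with the logged error.
    static boolean exactMatch(String host, String certName) {
        return host.equalsIgnoreCase(certName);
    }

    // Wildcard-aware comparison: "*" may stand for the whole left-most label only.
    static boolean wildcardMatch(String host, String certName) {
        String h = host.toLowerCase(Locale.ROOT);
        String c = certName.toLowerCase(Locale.ROOT);
        if (!c.startsWith("*.")) {
            return h.equals(c);
        }
        String suffix = c.substring(1); // everything after the "*", leading dot included
        // Refuse over-broad patterns such as "*.fr" and patterns with a second "*".
        if (suffix.indexOf('.', 1) < 0 || suffix.contains("*")) {
            return false;
        }
        if (!h.endsWith(suffix)) {
            return false;
        }
        String firstLabel = h.substring(0, h.length() - suffix.length());
        // Exactly one non-empty label may replace the "*": a label never
        // contains a dot, so deeper subdomains and the bare domain are rejected.
        return !firstLabel.isEmpty() && firstLabel.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        String cn = "*.univ-nancy2.fr"; // CN quoted in the message
        String[] hosts = {
            "esupdev1.univ-nancy2.fr",             // host from the log
            "a.b.univ-nancy2.fr",                  // constructed: two labels under the wildcard
            "univ-nancy2.fr",                      // constructed: bare domain
            "esupdev1.univ-nancy2.fr.example.org"  // constructed: look-alike suffix
        };
        for (String host : hosts) {
            System.out.printf("%-38s exact=%-5b wildcard=%b%n",
                    host, exactMatch(host, cn), wildcardMatch(host, cn));
        }
        System.out.println("pattern *.fr accepted: "
                + wildcardMatch("univ-nancy2.fr", "*.fr"));
    }
}
```

Current TLS hostname verifiers compare against the certificate's subjectAltName entries rather than the CN; the matching rule for a wildcard entry is the same.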