x509 login

Scott Battaglia scott.battaglia at gmail.com
Thu Jul 5 15:28:46 EDT 2007 

Since you're using IBM's JVM, this may help:
http://www.ibm.com/developerworks/forums/dw_thread.jsp?message=13885924&cat=51&thread=141188&treeDisplayType=threadmode1&forum=541#13885924

-Scott

On 7/5/07, Marco Panella <marco.panella at unipr.it> wrote:
>
> I am trying to set up x509 login with CAS.
>
> I get an error in starting tomcat activated with connector on port 8443
> for https:
> http://www.cce.unipr.it/error8443.txt
>
> I am on a SLES 10:
> java-1_4_2-ibm-1.4.2.s4-23.13
> tomcat5-5.0.30-27.5.3
>
> I tried to download jsse-1.0.3 but I get the same error.
>
> Is there a way to get x509 login to work without https-ing tomcat?
>
> I ngrepped port 8009 and I see that apache pass to tomcat my certificate
> (I put SSLVerifyClient optional in the apache virtualhost configuration):
> http://www.cce.unipr.it/proxypass.txt
>
> I followed the instructions at
> http://www.ja-sig.org/wiki/display/CASUM/X.509+Certificates and
> http://www.ja-sig.org/products/cas/server/certs/index.html
> so I added
> <bean
> class="
> org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
> ">
>      <property name="trustedIssuerDnPattern" value="C=IT, O=GARR,
> OU=UNIPR"/>
>        <!--
>          <property name="maxPathLength" value="3" />
>          <property name="checkKeyUsage" value="5" />
>          <property name="requireKeyUsage" value="5" />
>        -->
> </bean>
> to webapp/WEB-INF/deployerConfigContext.xml
>
> and log4j.logger.org.jasig.cas.adaptors.x509=DEBUG
> to webapp/WEB-INF/classes/log4j.properties
>
> but the only logs I see in catalina.out are:
> 2007-07-05 13:02:40,363 WARN
> [org.springframework.webflow.conversation.impl.ConversationLockFactory]
> - Unable to enable conversation locking. Switch to Java 5 or above, or
> put the 'util.concurrent' package on the classpath to enable locking in
> your environment.
> 2007-07-05 13:02:40,818 INFO
> [
> org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler
> ]
> - Using default Subject DN Pattern: .*
>
> Best regards
> Marco Panella
>
> --
> Ing. Marco Panella - tecnico di elaborazione dati
> Settore Innovazione Tecnologie Informatiche, Universita' di Parma
> Via G.P. Usberti, 17/A, I-43100, Parma, Italy
> Phone:+39 - 0521 - 90 - 5470  Fax:  +39 - 0521 - 90 - 5469
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>



-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070705/1cfdf98b/attachment.html

More information about the cas mailing list