CAS on Mac OS X and Tomcat 5.5

Mike Crawford mike.crawford at gmail.com
Wed Jun 20 11:23:29 EDT 2007 

Hi Scott,

Whoops, I was only checking catalina.out.  The tomcat 'localhost' log showed
that Mac needs our public cert added to cacerts.  Interestingly, this is not
the case for our linux and windows development machines because the godaddy
entry in cacerts across all of them looks identical.

Cheers,

Mike

On 6/20/07, Scott Battaglia <scott.battaglia at gmail.com> wrote:
>
> Mike,
>
> Is there more to the exception message than just the CAS error (i.e. the
> root cause)?
>
> Thanks
> -Scott
>
> On 6/19/07, Mike Crawford < mike.crawford at gmail.com> wrote:
>
> > Hi,
> >
> > I'm getting an 'Unable to validate ProxyTicketValidator' error on Mac
> > development machines only.  Here are the details:
> >
> > Some of our dev machine's are Mac OS X with Tomcat 5.5 and JDK1.6.0 rev
> > 88 (the java version from the apple dev site).  We use the following:
> >
> >     <!-- CAS Single Sign On Filter -->
> >       <filter>
> >          <filter-name>CAS Filter</filter-name>
> >          <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
> >
> >             <init-param>
> >                    <param-name>
> > edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> >
> > <param-value>https://<server_that_runs_cas>/cas/login</param-value>
> >             </init-param>
> >             <init-param>
> >                    <param-name>
> > edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> >
> > <param-value>https://<server_that_runs_cas>/cas/serviceValidate</param-value>
> >
> >             </init-param>
> >             <init-param>
> >                    <param-name>
> > edu.yale.its.tp.cas.client.filter.serverName</param-name>
> >
> > <param-value><name_of_dev_machine>:8080</param-value>
> >             </init-param>
> >      </filter>
> >
> > and this works for our linux and windows machine's.
> >
> > Since we bought a godaddy turboSSL certificate, these dev machines
> > haven't needed any change to cacerts.  The only difference I can see is the
> > JDK1.6.0 version of the Mac, but I don't know how that would change
> > things.
> >
> > The error seen on a Mac (with our details removed) after trying to log
> > on is below.  Any help would be appreciated.
> >
> > Thanks very much,
> >
> > Mike Crawford
> >
> > HTTP Status 500 -
> >
> > *exception*
> >
> > javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [
> >
> > edu.yale.its.tp.cas.client.ServiceTicketValidator
> >  casValidateUrl=[https://<our_cas_server>/cas/serviceValidate
> >
> >  <https://www.gwap.com/cas/serviceValidate>] ticket=[ST-281-BLahW1RniTfiRXZelGC1kdchlnp6ppkpV0k-20] service=[http%3A%2F%2F<mac_dev_server>%3A8080%2F<some_context>%2F
> > ] renew=false]]]
> > 	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java
> >
> > :381)
> >
> > *root cause*
> >
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[
> > edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
> >
> >  casValidateUrl=[https://<our_cas_server>/cas/serviceValidate
> >  <https://www.gwap.com/cas/serviceValidate>] ticket=[ST-281-BLahW1RniTfiRXZelGC1kdchlnp6ppkpV0k-20] service=[http%3A%2F%2F<mac_dev_server>%3A8080%2F<some_context>%2F] renew=false]]]
> >
> >
> > 	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> >
> > 	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> > 	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter
> >
> > (CASFilter.java:378)
> >
> >
> >
> >
> >
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
>
>
> --
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20070620/3b5da530/attachment.html

More information about the cas mailing list