After I login CAS, it cannot redirect me to the application -- please help
Edward Chen
edwardc at wolfram.com
Mon Feb 11 16:34:14 EST 2008
Hi,
I am using XP and tomcat 5.5 to do the CAS
Please help me trouble shoot/fix this. It's urgent.
I follow the demo to install CAS demo from the following website
http://www.ja-sig.org/wiki/display/CASUM/Demo
Step 1: Install JDK Version
I am Ok with step 1
Step 2: Used keytool to self-author a server certificate for DEMO
I have the following error
.......
.......
C:\Program Files\Java\jre1.5.0_06\bin>keytool -export -alias tomcat -keypass changeit -file server.crt
Enter keystore password: changeit
Certificate stored in file <server.crt>
C:\Program Files\Java\jre1.5.0_06\bin>keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
Enter keystore password: changeit
Owner: CN=edwardscwin.wri.wolfram.com, OU=R&D, O=WRI, L=Champaign, ST=IL, C=US
Issuer: CN=edwardscwin.wri.wolfram.com, OU=R&D, O=WRI, L=Champaign, ST=IL, C=US
Serial number: 47b0b802
Valid from: Mon Feb 11 15:02:58 CST 2008 until: Sun May 11 16:02:58 CDT 2008
Certificate fingerprints:
MD5: 45:25:94:AB:52:2B:F2:92:68:8F:F0:39:19:80:59:82
SHA1: 08:88:37:A1:1C:52:A5:33:0F:51:68:34:81:F9:DF:83:05:41:65:B6
Trust this certificate? [no]: yes
Certificate was added to keystore
keytool error: java.io.FileNotFoundException: ..\jre\lib\security\cacerts (The system cannot find the path specified)
C:\Program Files\Java\jre1.5.0_06\bin>
Step 3: Install Tomcat
I am ok with step 3
Step 4: Configure Tomcat server.xml
I modify it with the following
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/Documents and Settings/edwardc.WRI/.keystore"
           keystorePass="changeit"
           truststoreFile="C:/Program Files/Java/jre1.6.0_03/lib/security/cacerts" />
Step 5: CASify HelloWorld Servlet
I modify as the following
<filter>
  <filter-name>CAS Filter</filter-name>
  <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
    <param-value>https://edwardscwin.wri.wolfram.com:8443/cas/login</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
    <param-value>https://edwardscwin.wri.wolfram.com:8443/cas/serviceValidate</param-value>
  </init-param>
  <init-param>
    <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
    <param-value>edwardscwin.wri.wolfram.com:8080</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>CAS Filter</filter-name>
  <url-pattern>/servlet/HelloWorldExample</url-pattern>
</filter-mapping>
Do I need to change/modify anything about edu.yale.its.tp.cas.client.filter?
Step 6: Drop CAS Client jar into the servlets-examples context
I am ok with it
Step 7: Download and Deploy CAS
I am ok. I can see the CAS login page and use uday to login with no
problem.
Step 8. Clean start
OK
step 9. TRY IT
* Use fresh browser session to access
http://edwardscwin.wri.wolfram.com:8080/servlets-examples/servlet/HelloWorldExample
* Get past all browser alerts/warnings to CAS login page OK to
see this login page
* Log in as uday/uday (or any username=password string) OK
* Again see all sorts of alerts/warnings
* See Hello World...success. No, I don't see "Hello World". With the
following error
HTTP Status 500 -
------------------------------------------------------------------------
*type* Exception report
*message*
*description* _The server encountered an internal error () that
prevented it from fulfilling this request._
*exception*
javax.servlet.ServletException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://edwardscwin.wri.wolfram.com:8443/cas/serviceValidate]
ticket=[ST-6-KccdFv1sOQLyAXZzobchx6hFodfADs6AVe6-20]
service=[http%3A%2F%2Fedwardscwin.wri.wolfram.com%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample]
renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
*root cause*
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://edwardscwin.wri.wolfram.com:8443/cas/serviceValidate]
ticket=[ST-6-KccdFv1sOQLyAXZzobchx6hFodfADs6AVe6-20]
service=[http%3A%2F%2Fedwardscwin.wri.wolfram.com%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample]
renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
*root cause*
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
*root cause*
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.validator.PKIXValidator.doBuild(Unknown Source)
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
sun.security.validator.Validator.validate(Unknown Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
*root cause*
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
java.security.cert.CertPathBuilder.build(Unknown Source)
sun.security.validator.PKIXValidator.doBuild(Unknown Source)
sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
sun.security.validator.Validator.validate(Unknown Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown
Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
Source)
sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
Source)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown
Source)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown
Source)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
*note* _The full stack trace of the root cause is available in the
Apache Tomcat/5.5.25 logs._
------------------------------------------------------------------------
Apache Tomcat/5.5.25
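
An added diagnostic, not part of the original post or of the CAS client code: it loads a truststore and the exported server.crt and runs the same JSSE trust check that ends in "PKIX path building failed" in the trace above. That check is worth running here because the keytool import reported a FileNotFoundException for ..\jre\lib\security\cacerts, and the transcript and server.xml name two different JREs. The class name TrustCheck, its three command-line arguments and the "DHE_RSA" label are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): does a truststore accept a server certificate?
public class TrustCheck {
    // Assumption: key-exchange label handed to the trust manager for a server-auth check.
    static final String AUTH_TYPE = "DHE_RSA";

    // Runs the PKIX check that JSSE performs on the server certificate during the handshake.
    static boolean isTrusted(KeyStore store, X509Certificate cert) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                ((X509TrustManager) tm).checkServerTrusted(new X509Certificate[] {cert}, AUTH_TYPE);
                return true;
            } catch (CertificateException e) {
                System.out.println("Rejected: " + e.getMessage());
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3)
            throw new IllegalArgumentException("usage: TrustCheck <truststore> <storepass> <server.crt>");
        System.out.println("java.home of this JVM: " + System.getProperty("java.home"));
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            store.load(in, args[1].toCharArray());
        }
        X509Certificate cert;
        try (InputStream in = new FileInputStream(args[2])) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        if (store.size() == 0) { System.out.println("Truststore has no entries"); return; }
        // getCertificateAlias returns null when this exact certificate is not stored.
        System.out.println("Alias in truststore: " + store.getCertificateAlias(cert));
        System.out.println(isTrusted(store, cert) ? "TRUSTED" : "NOT TRUSTED");
    }
}
```

Run it with the JVM that starts Tomcat: the ticket validation call is an outbound HTTPS request from that JVM, which trusts the jssecacerts or cacerts file under its own java.home/lib/security unless javax.net.ssl.trustStore is set. The truststoreFile attribute on the Connector governs client certificates presented to Tomcat, not that outbound request.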