After I login CAS, it cannot redirect me to the application -- please help
Edward Chen
edwardc at wolfram.com
Mon Feb 11 18:16:33 EST 2008
Here is
C:\>echo %Java_home%
C:\Program Files\Java\jre1.6.0_03
C:\>echo %CATALINA_HOME%
C:\Program Files\Apache Software Foundation\Tomcat 5.5
C:\>
Scott Battaglia wrote:
> Is that your JAVA_HOME?
>
> If you type "set" at a command prompt, what does it say your JAVA_HOME is?
>
> On Feb 11, 2008 5:16 PM, Edward Chen <edwardc at wolfram.com> wrote:
>
> Hi, I got it with the following
>
> C:\Program Files\Java\jre1.5.0_06\bin>keytool -import -file server.crt -keypass changeit -keystore ..\lib\security\cacerts
> Enter keystore password: changeit
> Owner: CN=edwardscwin.wri.wolfram.com, OU=R&D, O=WRI, L=Champaign, ST=IL, C=US
> Issuer: CN=edwardscwin.wri.wolfram.com, OU=R&D, O=WRI, L=Champaign, ST=IL, C=US
> Serial number: 47b0b802
> Valid from: Mon Feb 11 15:02:58 CST 2008 until: Sun May 11 16:02:58 CDT 2008
> Certificate fingerprints:
> MD5: 45:25:94:AB:52:2B:F2:92:68:8F:F0:39:19:80:59:82
> SHA1: 08:88:37:A1:1C:52:A5:33:0F:51:68:34:81:F9:DF:83:05:41:65:B6
> Trust this certificate? [no]: yes
> Certificate was added to keystore
>
> C:\Program Files\Java\jre1.5.0_06\bin>
>
> But, I still have the same error message when I input "uday" "uday" and
> cannot redirect to "Hello World"
>
> Please continue to help
>
>
> Scott Battaglia wrote:
> > You need to add the certificate to your keystore (which is where it
> > failed). Find the JVM that you use to start up Tomcat and follow the
> > keystore instructions. The path should be something like
> > %JAVA_HOME%\jre\lib\security\cacerts
> >
> > -Scott
> >
> > On Feb 11, 2008 4:34 PM, Edward Chen <edwardc at wolfram.com> wrote:
> >
> > Hi,
> >
> > I am using XP and tomcat 5.5 to do the CAS
> >
> > Please help me trouble shoot/fix this. It's urgent.
> >
> > I follow the demo to install CAS demo from the following website
> >
> > http://www.ja-sig.org/wiki/display/CASUM/Demo
> >
> >
> > Step 1: Install JDK Version
> >
> > I am Ok with step 1
> >
> >
> > Step 2: Used keytool to self-author a server certificate for DEMO
> >
> >
> > I have the following error
> >
> > .......
> > .......
> > C:\Program Files\Java\jre1.5.0_06\bin>keytool -export -alias tomcat -keypass changeit -file server.crt
> > Enter keystore password: changeit
> > Certificate stored in file <server.crt>
> >
> > C:\Program Files\Java\jre1.5.0_06\bin>keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
> > Enter keystore password: changeit
> > Owner: CN=edwardscwin.wri.wolfram.com, OU=R&D, O=WRI, L=Champaign, ST=IL, C=US
> > Issuer: CN=edwardscwin.wri.wolfram.com, OU=R&D, O=WRI, L=Champaign, ST=IL, C=US
> > Serial number: 47b0b802
> > Valid from: Mon Feb 11 15:02:58 CST 2008 until: Sun May 11 16:02:58 CDT 2008
> > Certificate fingerprints:
> > MD5: 45:25:94:AB:52:2B:F2:92:68:8F:F0:39:19:80:59:82
> > SHA1: 08:88:37:A1:1C:52:A5:33:0F:51:68:34:81:F9:DF:83:05:41:65:B6
> > Trust this certificate? [no]: yes
> > Certificate was added to keystore
> > keytool error: java.io.FileNotFoundException: ..\jre\lib\security\cacerts (The system cannot find the path specified)
> >
> > C:\Program Files\Java\jre1.5.0_06\bin>
> >
> >
> > Step 3: Install Tomcat
> >
> > I am ok with step 3
> >
> >
> > Step 4: Configure Tomcat server.xml
> >
> > I modify it with the following
> >
> > <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
> > <Connector port="8443" maxHttpHeaderSize="8192"
> >            maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >            enableLookups="false" disableUploadTimeout="true"
> >            acceptCount="100" scheme="https" secure="true"
> >            clientAuth="false" sslProtocol="TLS"
> >            keystoreFile="C:/Documents and Settings/edwardc.WRI/.keystore"
> >            keystorePass="changeit"
> >            truststoreFile="C:/Program Files/Java/jre1.6.0_03/lib/security/cacerts" />
> >
> >
> > Step 5: CASify HelloWorld Servlet
> >
> > I modify as the following
> >
> > <filter>
> >   <filter-name>CAS Filter</filter-name>
> >   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> >     <param-value>https://edwardscwin.wri.wolfram.com:8443/cas/login</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> >     <param-value>https://edwardscwin.wri.wolfram.com:8443/cas/serviceValidate</param-value>
> >   </init-param>
> >   <init-param>
> >     <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
> >     <param-value>edwardscwin.wri.wolfram.com:8080</param-value>
> >   </init-param>
> > </filter>
> >
> > <filter-mapping>
> >   <filter-name>CAS Filter</filter-name>
> >   <url-pattern>/servlet/HelloWorldExample</url-pattern>
> > </filter-mapping>
> >
> > Do I need to change/modify anything about edu.yale.its.tp.cas.client.filter?
> >
> >
> > Step 6: Drop CAS Client jar into the servlets-examples context
> >
> > I am ok with it
> >
> >
> > Step 7: Download and Deploy CAS
> >
> > I am ok. I can see the CAS login page and use uday to login with no
> > problem.
> >
> >
> > Step 8. Clean start
> >
> > OK
> >
> >
> > step 9. TRY IT
> >
> > * Use fresh browser session to access
> >   http://edwardscwin.wri.wolfram.com:8080/servlets-examples/servlet/HelloWorldExample
> > * Get past all browser alerts/warnings to CAS login page OK to
> >   see this login page
> > * Log in as uday/uday (or any username=password string) OK
> > * Again see all sorts of alerts/warnings
> > * See Hello World...success. No, I don't see "Hello World". With the
> >   following error
> >
> >
> > HTTP Status 500 -
> >
> > ------------------------------------------------------------------------
> >
> > *type* Exception report
> >
> > *message*
> >
> > *description* _The server encountered an internal error () that
> > prevented it from fulfilling this request._
> >
> > *exception*
> >
> > javax.servlet.ServletException: Unable to validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://edwardscwin.wri.wolfram.com:8443/cas/serviceValidate]
> > ticket=[ST-6-KccdFv1sOQLyAXZzobchx6hFodfADs6AVe6-20]
> > service=[http%3A%2F%2Fedwardscwin.wri.wolfram.com%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample]
> > renew=false]]]
> >     edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
> >
> > *root cause*
> >
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://edwardscwin.wri.wolfram.com:8443/cas/serviceValidate]
> > ticket=[ST-6-KccdFv1sOQLyAXZzobchx6hFodfADs6AVe6-20]
> > service=[http%3A%2F%2Fedwardscwin.wri.wolfram.com%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample]
> > renew=false]]]
> >     edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >
> > *root cause*
> >
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> >     com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> >     sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> >     sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
> >     sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
> >     edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >     edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
> >     edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >
> >
> > *root cause*
> >
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> >     sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >     sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >     sun.security.validator.Validator.validate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> >     sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> >     sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
> >     sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
> >     edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >     edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
> >     edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >
> >
> > *root cause*
> >
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> >     sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
> >     java.security.cert.CertPathBuilder.build(Unknown Source)
> >     sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> >     sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> >     sun.security.validator.Validator.validate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
> >     sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
> >     sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
> >     sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
> >     sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
> >     edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >     edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
> >     edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >
> > *note* _The full stack trace of the root cause is available in the
> > Apache Tomcat/5.5.25 logs._
> >
> > ------------------------------------------------------------------------
> >
> > Apache Tomcat/5.5.25
> >
> > _______________________________________________
> > Yale CAS mailing list
> > cas at tp.its.yale.edu
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> >
> >
> >
> > --
> > -Scott Battaglia
> > PGP Public Key Id: 0x383733AA
> > LinkedIn: http://www.linkedin.com/in/scottbattaglia
> >
>
> --
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>