Hi,

I have the following problem using a single Tomcat 6 instance with two 
connectors:

<!-- used by cas - no client authentication -->
<Connector    executor="tomcatThreadPool"
         port="9443"
         protocol="HTTP/1.1"
         SSLEnabled="true"
         scheme="https"
         secure="true"
         clientAuth="false"
         sslProtocol="TLS"
         acceptCount="300"
         connectionTimeout="10000"
         maxKeepAliveRequests="1"
         URIEncoding="UTF-8"
         keystoreFile="keystore2" keystorePass="XXXX"
         truststoreFile="/usr/lib/jvm/java-6-sun/jre/lib/security/cacerts"
         truststorePass="XXXX"
          />

<!--
     used by all applications that require client auth
         applications are sent to the 9443 connector for
         service validation -->
<Connector    executor="tomcatThreadPool"
         port="443"
         protocol="HTTP/1.1"
         SSLEnabled="true"
         scheme="https"
         secure="true"
         clientAuth="true"
         sslProtocol="TLS"
         acceptCount="300"
         connectionTimeout="10000"
         maxKeepAliveRequests="1"
         URIEncoding="UTF-8"
         keystoreFile="keystore2" keystorePass="XXXX"
         truststoreFile="/usr/lib/jvm/java-6-sun/jre/lib/security/cacerts"
         truststorePass="XXXX"
          />


I have two applications, appA and appB, and a requirement to use client 
authentication (clientAuth=true). I ended up with the above configuration 
(as opposed to a single connector) after reading an older post: 
http://www.mail-archive.com/cas-u...@lists.jasig.org/msg01906.html

However, logout does not work anymore - see the cas log:

2010-08-04 14:16:40,419 WARN [org.jasig.cas.util.HttpClient] - Error Sending message to url endpoint [https://myserver/appA/j_spring_cas_security_check]. Error is [Received fatal alert: bad_certificate]
2010-08-04 14:16:40,431 WARN [org.jasig.cas.util.HttpClient] - Error Sending message to url endpoint [https://myserver/appB/j_spring_cas_security_check;jsessionid=B8499A09096BAC4DEAC31722AB7BA96D]. Error is [Received fatal alert: bad_certificate]

The certificates I use are all self-signed. If I disable clientAuth from 
the 443 connector everything works ok.

I would greatly appreciate your help.


Thanks,
George
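
Added example (not part of George's message, and not CAS or Tomcat code): a Python script that matches each failed CAS callback in the log against the connector its URL lands on. Both URLs carry no port, so they resolve to the default HTTPS port 443, which is the clientAuth="true" connector. The server.xml fragment and log lines are constructed from the post and reduced to the relevant attributes; the function names and the session id are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the two connectors from the post, relevant attributes only.
SERVER_XML = """<Service>
  <Connector port="9443" scheme="https" SSLEnabled="true" clientAuth="false"/>
  <Connector port="443" scheme="https" SSLEnabled="true" clientAuth="true"/>
</Service>"""

# Constructed sample: CAS warnings in the format shown in the post (session id is made up).
CAS_LOG = """\
2010-08-04 14:16:40,419 WARN [org.jasig.cas.util.HttpClient] - Error Sending message to url endpoint [https://myserver/appA/j_spring_cas_security_check]. Error is [Received fatal alert: bad_certificate]
2010-08-04 14:16:40,431 WARN [org.jasig.cas.util.HttpClient] - Error Sending message to url endpoint [https://myserver/appB/j_spring_cas_security_check;jsessionid=0000]. Error is [Received fatal alert: bad_certificate]
"""

LINE = re.compile(r"\[org\.jasig\.cas\.util\.HttpClient\] - Error Sending message to url "
                  r"endpoint \[(?P<url>[^\]]+)\]\.\s+Error is \[(?P<err>[^\]]+)\]")
DEFAULT_PORT = {"http": 80, "https": 443}

def connectors(server_xml):
    """Map listening port -> clientAuth setting (Tomcat's default is "false")."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("clientAuth", "false").lower()
            for c in root.iter("Connector")}

def failed_callbacks(log_text, server_xml):
    """Yield (path, port, clientAuth, error) for each failed CAS callback."""
    auth_by_port = connectors(server_xml)
    for m in LINE.finditer(log_text):
        url = urlsplit(m.group("url"))
        port = url.port or DEFAULT_PORT[url.scheme]   # no port in URL -> scheme default
        path = url.path.split(";", 1)[0]              # drop the ;jsessionid=... parameter
        yield path, port, auth_by_port.get(port, "unknown"), m.group("err")

def report(log_text, server_xml):
    """One summary line per failed callback, naming the connector it reached."""
    rows = []
    for path, port, auth, err in failed_callbacks(log_text, server_xml):
        note = ("connector requires a client certificate" if auth == "true"
                else "connector does not require a client certificate")
        rows.append(f"{path} -> port {port}, clientAuth={auth} ({note}); {err}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(CAS_LOG, SERVER_XML)))
```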


