I UNDERSTAND.  Ok...trying that now...thanks!

Jen

On Fri, May 18, 2018 at 11:48 AM, Ray Bon <r...@uvic.ca> wrote:

> Jen,
>
> You will need to install custom certs on both sides (CAS and
> cas-management). The jvm is responsible for certificate processing, tomcat
> only needs to know where it is to send it to the browser.
>
> sudo keytool -import -file ${certName} -alias ${aliasName} -keystore $JAVA_HOME/jre/lib/security/cacerts
>
> https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl
>
> Ray
>
> On Fri, 2018-05-18 at 08:20 -0700, Jennifer LaVoie wrote:
>
> Yes.  I understand the distinction...I was typing quickly :)
>
> I do get an error in my cas-management log about ssl  - but my regular
> /cas/login link loads just fine (self signed cert on this particular server)
>
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[?:1.8.0_171]
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_171]
> at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_171]
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_171]
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_171]
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_171]
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) ~[?:1.8.0_171]
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_171]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:1.8.0_171]
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_171]
> at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:1.8.0_171]
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_171]
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) ~[?:1.8.0_171]
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) ~[?:1.8.0_171]
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263) ~[?:1.8.0_171]
> at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431) ~[cas-client-core-3.4.1.jar:3.4.1]
> at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) ~[cas-client-core-3.4.1.jar:3.4.1]
> at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) ~[cas-client-core-3.4.1.jar:3.4.1]
> at org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:61) ~[pac4j-cas-2.2.0.jar:?]
> at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68) ~[pac4j-cas-2.2.0.jar:?]
> at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37) ~[pac4j-cas-2.2.0.jar:?]
> at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44) ~[pac4j-core-2.2.0.jar:?]
> at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:113) ~[pac4j-core-2.2.0.jar:?]
> ... 72 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:1.8.0_171]
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:1.8.0_171]
> at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_171]
> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[?:1.8.0_171]
> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[?:1.8.0_171]
> at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_171]
> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_171]
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_171]
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_171]
> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) ~[?:1.8.0_171]
> at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_171]
> at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[?:1.8.0_171]
> at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) ~[?:1.8.0_171]
> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) ~[?:1.8.0_171]
> at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:1.8.0_171]
> at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_171]
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) ~[?:1.8.0_171]
> at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) ~[?:1.8.0_171]
> at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:263) ~[?:1.8.0_171]
> at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431) ~[cas-client-core-3.4.1.jar:3.4.1]
> at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) ~[cas-client-core-3.4.1.jar:3.4.1]
> at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) ~[cas-client-core-3.4.1.jar:3.4.1]
> at org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:61) ~[pac4j-cas-2.2.0.jar:?]
> at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68) ~[pac4j-cas-2.2.0.jar:?]
> at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37) ~[pac4j-cas-2.2.0.jar:?]
> at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44) ~[pac4j-core-2.2.0.jar:?]
> at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:113) ~[pac4j-core-2.2.0.jar:?]
>
>
> On Thursday, May 17, 2018 at 4:16:06 PM UTC-4, rbon wrote:
>
> Jen,
>
> I think you mean a cas-management error and not 'CAS error'.
> Are CAS and cas-management running on the same tomcat?
> Logging config for cas-management is in log4j2-management.xml which also
> introduces cas-management.log.
>
> Ray
>
> On Thu, 2018-05-17 at 12:55 -0700, Jennifer LaVoie wrote:
>
>
> nothing helpful in cas.log or catalina.out that I can see
>
> it seems to be CAS error because the leaf is on the tab and above the
> error that I posted it says
>
> Cas Service Management
>
> Jen
>
> On Thursday, May 17, 2018 at 3:44:27 PM UTC-4, David Curry wrote:
>
> Haven't seen that one, that I can recall.
>
> Is that a CAS error (shows in a CAS-branded web page) or a Tomcat error?
>
> Do the logs (cas.log and/or catalina.out) say anything helpful?
>
>
>
> --
>
> DAVID A. CURRY, CISSP
> *DIRECTOR OF INFORMATION SECURITY*
> INFORMATION TECHNOLOGY
>
> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
> +1 212 229-5300 x4728 • david.cu...@newschool.edu
>
> On Thu, May 17, 2018 at 3:40 PM, Jennifer LaVoie <nixge...@gmail.com>
> wrote:
>
> I updated the management.properties file with some ports specifically
> defined.  And that is now working as expected...
>
> However, I get this
>
> The CAS management webapp is unavailable.
>
> There was an error trying to complete your request. Please notify your
> support desk or try again.
>
>
>
>
>
> On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote:
>
> So I have followed all the steps here
>
> https://dacurry-tns.github.io/deploying-apereo-cas/building_svcmgmt_configure-webapp-properties.html
>
> (awesome site)
>
> And when I try to go to
>
> https://cashost:8443/cas-management
>
> I am redirected to here
>
> https://casserver.herokuapp.com/cas/login?service=https%3A%2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html
>
> I have already logged into my cas.
>
> What config file have I forgotten to change?
>
> Jen
>
> --
> - Website: https://apereo.github.io/cas
> - Gitter Chatroom: https://gitter.im/apereo/cas
> - List Guidelines: https://goo.gl/1VRrw7
> - Contributions: https://goo.gl/mh7qDG
> ---
> You received this message because you are subscribed to the Google Groups
> "CAS Community" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to cas-user+u...@apereo.org.
> To view this discussion on the web visit https://groups.google.com/a/ap
> ereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e37079
> 5e%40apereo.org
> <https://groups.google.com/a/apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e370795e%40apereo.org?utm_medium=email&utm_source=footer>
> .
>
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | rb...@uvic.ca
>
>
> --
> Ray Bon
> Programmer analyst
> Development Services, University Systems
> 2507218831 | CLE 019 | r...@uvic.ca
>
>



-- 
"Confusion is a word we have invented for an order which is not
understood."  ~Henry Miller
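
Ray's advice above, as an added example (not part of the thread and not CAS project code): an idempotent import that checks by SHA-256 fingerprint whether each JVM's truststore already holds the CAS server certificate before importing it. The function names, aliases and scratch keystore paths are assumptions; the demo uses a throwaway self-signed certificate and temporary keystores, never the real cacerts.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Everything runs on scratch keystores in a
# temp directory; the real $JAVA_HOME/jre/lib/security/cacerts is never touched.
PASS=changeit   # stock cacerts password, reused for the scratch stores

# SHA-256 fingerprint of a certificate file (PEM or DER).
cert_fp() {
  keytool -printcert -file "$1" 2>/dev/null | sed -n 's/.*SHA256: *//p' | head -n 1
}

# True if truststore $1 already holds fingerprint $2 under any alias.
store_has_fp() {
  keytool -list -v -keystore "$1" -storepass "$PASS" 2>/dev/null |
    grep -qF "SHA256: $2"
}

# Import cert $2 into truststore $1 as alias $3 unless it is already trusted.
# Against the real cacerts, compare the fingerprint out of band first:
# -noprompt skips keytool's "Trust this certificate?" question.
ensure_trusted() {
  local fp
  fp=$(cert_fp "$2")
  [ -n "$fp" ] || return 2
  if store_has_fp "$1" "$fp"; then
    echo "already trusted: $fp"
    return 0
  fi
  keytool -importcert -noprompt -file "$2" -alias "$3" \
    -keystore "$1" -storepass "$PASS" >/dev/null 2>&1 || return 1
  store_has_fp "$1" "$fp" && echo "imported as $3: $fp"
}

# Constructed demo: a throwaway self-signed cert stands in for the CAS server's.
demo() {
  local d jvm
  d=$(mktemp -d) || return 1
  keytool -genkeypair -alias cas -keyalg RSA -keysize 2048 -validity 1 \
    -dname "CN=cashost" -keystore "$d/server.keystore" \
    -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1
  keytool -exportcert -rfc -alias cas -keystore "$d/server.keystore" \
    -storepass "$PASS" -file "$d/cas.pem" >/dev/null 2>&1 || return 1
  for jvm in cas cas-management; do   # one truststore per JVM, as Ray advises
    ensure_trusted "$d/$jvm.truststore" "$d/cas.pem" cashost || return 1
  done
  # A second import under another alias is a no-op: the cert is already there.
  ensure_trusted "$d/cas.truststore" "$d/cas.pem" cashost-again
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run the file with `--demo` to see two imports followed by one "already trusted" line. When pointing `ensure_trusted` at a real truststore, use the cacerts of the JVM that Tomcat actually starts with.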
