On 6/25/19 9:55 AM, Shawn Cutting wrote: > Greetings, > I have been banging my head against a wall for the past few weeks > trying to figure out why I cannot build a functional CAS instance with > SAML IdP. When I run "build.sh package", I get the following error: > > [ERROR] Failed to execute goal on project cas-overlay: Could not > resolve dependencies for project org.apereo.cas:cas-overlay:war:1.0: > Failed to collect dependencies at > org.apereo.cas:cas-server-support-ldap:jar:5.3.9 -> > org.apereo.cas:cas-server-core-util-api:jar:5.3.9 -> > org.pac4j:pac4j-saml:jar:3.6.1 -> > net.shibboleth.tool:xmlsectool:jar:2.0.0: Failed to read artifact > descriptor for net.shibboleth.tool:xmlsectool:jar:2.0.0: Could not > transfer artifact net.shibboleth.tool:xmlsectool:pom:2.0.0 from/to > shib-release > (https://build.shibboleth.net/nexus/content/repositories/releases): > sun.security.validator.ValidatorException: PKIX path building failed: > sun.security.provider.certpath.SunCertPathBuilderException: unable to > find valid certification path to requested target -> [Help 1] > > I doing some more research, it seems that the last part of the error > indicates that perhaps the shibboleth.net site is not trusted, yet its > information is inside the keystore (and is valid). Something to note, > we are running CAS behind an Apache proxy/reverse proxy (for ease of > updating the SSL certificate of the server). Does anyone have any > insight into why the SAML elements of my build keep it from succeding?
Best guess is that it is trying to pull artifacts (jars) from the Shibboleth repo. That repo is behind a Let's Encrypt certificate, and it appears that your install of Java doesn't trust that CA. Which keystore are you looking at? Don't quite know how CA roots are handled in Java myself. -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/651b121d-1b12-f9e4-9568-f5550789eb24%40ndsu.edu.
