On 20.03.2009 17:18, Marvin Addison wrote:
>> ERROR [edu.yale.its.tp.cas.client.CASReceipt] -
>> <edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
>> ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>> proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
>> casValidateUrl=[https://localhost:8443/cas/proxyValidate]
>> proxyCallbackUrl=[https://localhost:8443/ui-fw/CasProxyServlet] ticket=
>> [ST-1-Bn0WScujP0zeyVOcNBkN-cas]
>> service=[http%3A%2F%2Flocalhost%3A8080%2Fui-fw] renew=false]]]>
>
> It looks like CAS failing to validate the proxy callback URL. CAS
> proxy has an additional PKI requirement that CAS trust the client, so
> you'd need to import the client cert into the CAS server truststore.
> I would recommend against that for anything other than testing.
>
> Can you confirm you actually need CAS proxying capabilities? If you
> don't need it, you could remove the
> edu.yale.its.tp.cas.client.filter.proxyCallbackUrl init param and save
> yourself the trouble.
My cert already was imported to $JAVA_HOME/jre/lib/security/cacerts
I commented
<!--
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.proxyCallbackUrl</param-name>
<param-value>https://angara.techinfocom.com:8443/ui-fw/CasProxyServlet</param-value>
</init-param>
-->
but nothing changed.
--
Denis Kostousov
email: d.kostousovTHEDOGffammDOTcom
jabber: sandelloATjabber.ru
fingerprint: FE3D 60AF E08D 2D2A 6A8B C891 70BB 0665 F047 ADAE
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
