Hello,

I am using the JAVA cas-client-core-3.1.3 library
into shibboleth-identityprovider-2.1.2 to connect to my CAS server.

My CAS server is using a wildcard certificate (*.inist.fr) but
its real hostname is auth.dev.inist.fr

I got a problem when the JAVA CAS client tries to validate the
CAS ticket. I got an error related to the HostnameVerifier (I think)
which is not able to match the auth.dev.inist.fr and *.inist.fr:

09:29:48.624 - ERROR [org.jasig.cas.client.validation.Cas20ServiceTicketValidator:49] - java.io.IOException: HTTPS hostname wrong:  should be <auth.dev.inist.fr>
java.io.IOException: HTTPS hostname wrong:  should be <auth.dev.inist.fr>
        at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490) [na:1.5]
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415) [na:1.5]
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) [na:1.5]
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934) [na:1.5.0_14]
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) [na:1.5]
        at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:35) [cas-client-core-3.1.3.jar:na]
        at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178) [cas-client-core-3.1.3.jar:na]
        at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132) [cas-client-core-3.1.3.jar:na]


I read archives on this mailing list and I saw that Marvin Addison explains
that it's possible to set up the HostnameVerifier:
http://www.nabble.com/Re%3A-Configure-CAS-and-SSL-p22622462.html

I would like to know how I could change the HostnameVerifier default value.
If I could set up my JAVA apps with a -D flag it would be perfect because
I prefer a simple parameter to a more complex JAVA compilation. For example,
I'm looking for something like
-Dorg.apache.commons.ssl.HostnameVerifier=DEFAULT or
-Dorg.apache.commons.ssl.HostnameVerifier=ALLOW_ALL

The HostnameVerifier.DEFAULT value seems to be the right option for my case:
http://juliusdavies.ca/commons-ssl/javadocs/org/apache/commons/ssl/HostnameVerifier.html

Any help is very welcome.

regards,
Stéphane Gully
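
Added example, not part of the original message and not code from the CAS client or commons-ssl: a javax.net.ssl.HostnameVerifier that accepts the *.inist.fr certificate for the single host auth.dev.inist.fr and nothing else, as a narrower alternative to an allow-all verifier. The class name is hypothetical, the syntax targets a current JDK, and it assumes the CAS client uses the JVM-wide default verifier of HttpsURLConnection.

```java
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;

// Hypothetical class: accepts the wildcard certificate for ONE pinned host only.
public class PinnedWildcardVerifier implements HostnameVerifier {
    private final String pinnedHost; // e.g. "auth.dev.inist.fr"
    private final String wildcard;   // e.g. "*.inist.fr"
    public PinnedWildcardVerifier(String pinnedHost, String wildcard) {
        this.pinnedHost = pinnedHost.toLowerCase(Locale.ROOT);
        this.wildcard = wildcard.toLowerCase(Locale.ROOT);
        // "*.inist.fr" -> ".inist.fr"; the pinned host must sit under that suffix.
        if (!this.wildcard.startsWith("*.") || !this.pinnedHost.endsWith(this.wildcard.substring(1)))
            throw new IllegalArgumentException("pinned host is not under the wildcard domain");
    }
    // HttpsURLConnection calls this only after its built-in hostname check has failed.
    @Override
    public boolean verify(String hostname, SSLSession session) {
        if (!pinnedHost.equals(hostname.toLowerCase(Locale.ROOT))) return false;
        try {
            X509Certificate leaf = (X509Certificate) session.getPeerCertificates()[0];
            return presentedNames(leaf).contains(wildcard);
        } catch (Exception e) {
            return false; // no peer certificate or unparsable names: reject
        }
    }
    // dNSName subjectAltNames (type 2) if present, otherwise the subject CN.
    static List<String> presentedNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        if (cert.getSubjectAlternativeNames() != null)
            for (List<?> san : cert.getSubjectAlternativeNames())
                if (Integer.valueOf(2).equals(san.get(0))) names.add(san.get(1).toString().toLowerCase(Locale.ROOT));
        if (names.isEmpty())
            for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
                if ("CN".equalsIgnoreCase(rdn.getType())) names.add(rdn.getValue().toString().toLowerCase(Locale.ROOT));
        return names;
    }
    public static void main(String[] args) {
        // Install once at startup, before the CAS client opens its validation connection.
        HttpsURLConnection.setDefaultHostnameVerifier(new PinnedWildcardVerifier("auth.dev.inist.fr", "*.inist.fr"));
    }
}
```

Certificate chain validation against the trust store still runs as usual; the verifier only relaxes the name comparison, and only for the pinned host.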
