Last week CAS stopped working on my development PC in jBoss after working since February (also when I froze our CAS code). It would authenticate but the callback to any client app (some of which have also been frozen) would fail with an exception (on my PC only, nothing fails on the Test server). My PC had Java and Eclipse updates recently pushed to it, so it was assumed that the certificates were no longer good. Regenerating the HTTPS setup did no good.
After biting the bullet I recreated my whole environment from scratch - reinstalled and reconfigured Tomcat, jBoss, Eclipse, got all of the apps from version control (including the frozen CAS). The Tomcat setup works, but jBoss still fails the same way. Scott mentioned that the problem was probably caused by CAS code that reports back to the Jasig CAS website. It seems that the URL that 3.3.1 points to no longer exists due to the Jasig website redesign, but that 3.3.2 has that fixed. Since the formal CAS test server is still working fine, I presume that the callback to CAS only happens once per server. Also, since it works on a fresh reinstall of Tomcat, I guess it only happens on some types of servers (strange). It was quite hard to get 3.3.1 to work and I would like to avoid being forced to upgrade, if possible. So, I have a three part question: 1) Does anybody know if there are plans to reinstate the old 'report to mothership' URL? 2) Is there a way to disable that call? 3) Or is there no other option than to suffer through an upgrade? For completeness, here are the exceptions: Original exception: [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Exception after regenerating the keystore and certificate: 09:27:09,368 ERROR [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] javax.net.ssl.SSLException: java.lang.RuntimeEx ception: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
