Bruno, Please go back and read the emails that were previously sent out to the mailing list:
1. The first email detailed that your problem listed below is NOT a CAS problem. Its a problem with YOUR environment. YOUR JVM can't find a valid certificate for your CAS server. Either the certificate expired, it was removed, you've got a corrupted trust store, or you've upgraded your JVM or your application server. You should relook at the instructions you used the first time to deploy the application in your environment. Generally, it involves re-adding the certificate to your trusted certs file. Tomcat relies on the JVM's whereas JBoss may rely on it being in another location. Googling your JVM exception also details options to look into such as making sure the path is specified correctly and that your cacerts file was not corrupted. Without seeing your files, I can't tell you much more than that. 2. The other email detailed that a test case relied on the non-existance of a URL to pass (it was code that tested the reaction to a 404). The TEST stopped working when the site was upgraded. We could have easily just have used CNN.com instead of Jasig.org (maybe the 404 would have still been there then!). There is no "callback to the mothership" at any point. In fact you can disable tests at any point with "-Dmaven.test.skip=true" added to your "mvn clean package install". The two issues clearly have nothing to do with each other. One is a problem local to YOUR machine and the other is a test case that stopped working due to an external resource, which has been addressed in CAS 3.3.2. As for whether you want to upgrade, that's your call. Upgrading should be relatively painless (I know someone who did it yesterday relatively quickly, with the only hitch being the upgrade to Spring LDAP, which requires a one line configuration change to the deployerConfigContext.xml if you use LDAP). Your previous issues with deploying CAS involved you choosing to ignore the advice offered to you on this list. But again, if you choose to upgrade we'll assist via email with any questions. We've tried to regularly assist you on this list and you've continually chosen to ignore the advice or not read the emails at all (as evidenced by your "callback to the mothership", which you've made twice). While we're happy to assist anyone, if you continue to choose to ignore advice or not read emails and make false accusations, you're wasting not only your time, but our time also. Cheers. -Scott -Scott Battaglia PGP Public Key Id: 0x383733AA LinkedIn: http://www.linkedin.com/in/scottbattaglia On Tue, Apr 21, 2009 at 9:56 AM, Bruno Melloni <[email protected]>wrote: > Last week CAS stopped working on my development PC in jBoss after working > since February (also when I froze our CAS code). It would authenticate but > the callback to any client app (some of which have also been frozen) would > fail with an exception (on my PC only, nothing fails on the Test server). > My PC had Java and Eclipse updates recently pushed to it, so it was assumed > that the certificates were no longer good. Regenerating the HTTPS setup did > no good. > > > > After biting the bullet I recreated my whole environment from scratch – > reinstalled and reconfigured Tomcat, jBoss, Eclipse, got all of the apps > from version control (including the frozen CAS). The Tomcat setup works, > but jBoss still fails the same way. > > > > Scott mentioned that the problem was probably caused by CAS code that > reports back to the Jasig CAS website. It seems that the URL that 3.3.1 > points to no longer exists due to the Jasig website redesign, but that 3.3.2 > has that fixed. Since the formal CAS test server is still working fine, I > presume that the callback to CAS only happens once per server. Also, since > it works on a fresh reinstall of Tomcat, I guess it only happens on some > types of servers (strange). > > > > It was quite hard to get 3.3.1 to work and I would like to avoid being > forced to upgrade, if possible. So, I have a three part question: > > > > 1) Does anybody know if there are plans to reinstate the old ‘report > to mothership’ URL? > > 2) Is there a way to disable that call? > > 3) Or is there no other option than to suffer through an upgrade? > > > > For completeness, here are the exceptions: > > > > Original exception: > > > > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] * > javax.net.ssl.SSLHandshakeException*: * > sun.security.validator.ValidatorException*: PKIX path building failed: * > sun.security.provider.certpath.SunCertPathBuilderException*: unable to > find valid certification path to requested target > > > > Exception after regenerating the keystore and certificate: > > > > 09:27:09,368 ERROR > [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] > javax.net.ssl.SSLException: java.lang.RuntimeEx > > ception: Unexpected error: > java.security.InvalidAlgorithmParameterException: the trustAnchors parameter > must be non-empty > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
