I want to try to use ClientAuthentication in CAS.

My server.xml is 

     <Connector port="8443" maxHttpHeaderSize="8192"
        maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
        enableLookups="false" disableUploadTimeout="true"
        acceptCount="100" scheme="https" secure="true" SSLEnabled="true"
        clientAuth="true" sslProtocol="TLS"
        keystoreFile="/portalkeystore/keystore"
        keystorePass="changeit"
        truststoreFile="/mms/java/jdk1.5.0_18/jre/lib/security/cacerts"
        truststorePass="changeit"
        />

With clientAuth="false" everything is OK.

But when I change to clientAuth="true", the browser opens a window to select a
client cert, I choose one and the portal home page comes up, but simultaneously
it gives the error below.

14:54:20,892 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
14:54:20,894 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
14:54:20,894 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
14:54:20,895 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1650)
14:54:20,896 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
14:54:20,896 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.waitForClose(SSLSocketImpl.java:1428)
14:54:20,896 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:103)
14:54:20,897 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.Handshaker.sendChangeCipherSpec(Handshaker.java:591)
14:54:20,897 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.ClientHandshaker.sendChangeCipherAndFinish(ClientHandshaker.java:698)
14:54:20,897 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:624)
14:54:20,898 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
14:54:20,898 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
14:54:20,899 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
14:54:20,899 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
14:54:20,900 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
14:54:20,900 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
14:54:20,900 ERROR [STDERR]     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
14:54:20,901 ERROR [STDERR]     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
14:54:20,901 ERROR [STDERR]     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
14:54:20,902 ERROR [STDERR]     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:949)
14:54:20,902 ERROR [STDERR]     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
14:54:20,902 ERROR [STDERR]     at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:52)
14:54:20,903 ERROR [STDERR]     at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:138)
14:54:20,903 ERROR [STDERR]     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
14:54:20,904 ERROR [STDERR]     at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.getAuthenticatedUser(CASAuthenticationValve.java:272)
14:54:20,904 ERROR [STDERR]     at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.invoke(CASAuthenticationValve.java:208)
14:54:20,905 ERROR [STDERR]     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
14:54:20,905 ERROR [STDERR]     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
14:54:20,906 ERROR [STDERR]     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
14:54:20,906 ERROR [STDERR]     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
14:54:20,907 ERROR [STDERR]     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
14:54:20,907 ERROR [STDERR]     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
14:54:20,907 ERROR [STDERR]     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
14:54:20,908 ERROR [STDERR]     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
14:54:20,908 ERROR [STDERR]     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
14:54:20,909 ERROR [STDERR]     at java.lang.Thread.run(Thread.java:595)

What does this problem mean?

In the SecureURL class there is a method named retrieve; in this method a
connection is created, but there is no cert around. Might that be the problem?

So how can I obtain my X.509 certs in SecureURL?

Or is there any other solution that you know of? Please help me…
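
Added example, not part of the original post and not CAS client code: the trace shows the portal acting as a TLS client (`ClientHandshaker`) through a plain `HttpsURLConnection`, so a connector with clientAuth="true" rejects it when no client certificate is offered. The sketch below gives such default connections a client identity; the class name, argument order and the assumption that the key password equals the keystore password are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ClientCertDefault {

    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(path);
        try { ks.load(in, pass); } finally { in.close(); }
        return ks;
    }

    /** Lets every later URL.openConnection() HTTPS call present a client cert. */
    static void installClientIdentity(String ksPath, char[] ksPass,
                                      String tsPath, char[] tsPass) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Assumption: the private key entry uses the same password as the keystore.
        kmf.init(load(ksPath, ksPass), ksPass);    // private key + chain to present
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(tsPath, tsPass));            // CAs used to verify the server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        // Code that never sets its own socket factory inherits this default.
        HttpsURLConnection.setDefaultSSLSocketFactory(ctx.getSocketFactory());
    }

    // Usage: java ClientCertDefault <keystore> <ksPass> <truststore> <tsPass> <https-url>
    public static void main(String[] a) throws Exception {
        installClientIdentity(a[0], a[1].toCharArray(), a[2], a[3].toCharArray());
        HttpsURLConnection c = (HttpsURLConnection) new URL(a[4]).openConnection();
        // getResponseCode() performs the handshake; getLocalCertificates() is
        // null when no client certificate was sent to the server.
        System.out.println("HTTP " + c.getResponseCode()
            + ", client cert presented: " + (c.getLocalCertificates() != null));
    }
}
```

The default socket factory is JVM-wide, so the client key is offered to any HTTPS server that requests a certificate; the server's truststore must also contain the CA that issued the client certificate.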

 

