Thanks for the reply. It actually explains the situation that I suspect.

So I couldn't understand, what should I do as a solution? Should I make SSL configurations with clientAuth on Apache? Or what? Could you please explain in more detail?

-----Original Message-----
From: Marvin Addison [mailto:[email protected]]
Sent: Tuesday, June 30, 2009 5:22 PM
To: [email protected]
Subject: Re: [cas-user] Received fatal alert: bad_certificate

> 14:54:20,892 ERROR [STDERR] javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
...
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> 14:54:20,902 ERROR [STDERR] at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:52)
> 14:54:20,903 ERROR [STDERR] at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:138)
> 14:54:20,903 ERROR [STDERR] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> 14:54:20,904 ERROR [STDERR] at org.jboss.portal.identity.sso.cas.CASAuthenticationValve.getAuthenticatedUser(CASAuthenticationValve.java:272)

As you can see this exception is coming from the ticket validation step. The CAS client will _never_ present a client certificate because HttpsURLConnectionImpl, which is used to establish the connection, does not support sending a client certificate. If you need a CAS client that has SSL client auth support, you'll have to create extensions to handle that. The Apache commons-httpclient library has support for SSL client auth, so you can start there if you really need client auth for the ticket validation step.

Having said that, I would recommend that you set up a separate connector on another port that does not require client auth and validate tickets there. CAS tickets are one-time-use credentials by default, so client authentication on top of that seems like a lot of effort for relatively little additional security.
M

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
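
The separate-connector setup recommended in the quoted reply, sketched as a Tomcat `server.xml` fragment. This is an added example, not part of the original thread; it assumes the CAS server runs on Tomcat with the JSSE connector, and the ports, bind address, file paths and passwords are placeholders.

```xml
<!-- Added example (assumption: CAS server on Tomcat, JSSE connector).
     Ports, address, paths and passwords are placeholders. -->
<Service name="Catalina">

  <!-- Existing connector: the TLS handshake demands a client certificate.
       The CAS client's ticket validation call presents none, so the
       handshake ends with the bad_certificate alert seen in the log. -->
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             clientAuth="true"
             keystoreFile="/path/to/cas-server.jks"
             keystorePass="CHANGE_ME"
             truststoreFile="/path/to/client-ca.jks"
             truststorePass="CHANGE_ME" />

  <!-- Additional connector for ticket validation only.
       Still HTTPS with the same server certificate, so the CAS client
       keeps verifying the server; clientAuth="false" means no client
       certificate is requested.
       This port serves the whole CAS web application, not just the
       validation endpoint, so it is bound to an internal address here;
       a firewall rule limiting it to the application servers is the
       other half of the control. -->
  <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
             scheme="https" secure="true" sslProtocol="TLS"
             address="192.0.2.10"
             clientAuth="false"
             keystoreFile="/path/to/cas-server.jks"
             keystorePass="CHANGE_ME" />

  <!-- The existing <Engine> / <Host> elements stay unchanged. -->
</Service>
```

The CAS client's ticket validation URL then has to point at the second port, while the login URL that browsers are redirected to stays on the first.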
