Attached is just a little readme that I had created at my work.  It's 
basically the demo, but I found this to help me much better.


Abdellatif HAROUS wrote:
> scott could u plz tell me where is this file that I should add to it 
> the certificate , like the path of this file
>
> ur help is really appreciated
>
> ------------------------------------------------------------------------
> Date: Tue, 28 Jul 2009 09:20:05 -0400
> From: [email protected]
> Subject: Re: [cas-user] CAS SSO server.xml
> To: [email protected]
>
> You're getting an error from a CAS client which means you haven't 
> added the certificate to your client JVM's cacerts file.
>
>
> 2009/7/28 Abdellatif HAROUS <[email protected] 
> <mailto:[email protected]>>
>
>     hi all ......
>
>     these three files which got generated for the certificate
>     key.der , cert.der , .keystore ......
>     for the keystore file attribute I should be pointing to .keystore
>     and I am saying "keystore\.keystore" , cause I created a folder
>     with the name keystore
>
>     C:\Program Files\Apache\apache-tomcat-5.5.27\keystore
>
>     I don't know really why it is not working like in http. Everything
>     used to work except for SSO, but now in https
>     I manage to get only the CAS login page, then after I enter
>     credentials this error appears
>
>
>     <Connector port="8443"
>                    keystorePass="*****"
>                    keystoreFile="keystore\.keystore"
>                    minProcessors="5" maxProcessors="75"
>                    enableLookups="true" disableUploadTimeout="true"
>                    acceptCount="100" debug="0" scheme="https" secure="true"
>                    clientAuth="false" sslProtocol="TLS" />
>
>
>       HTTP Status 500 -
>
>     ------------------------------------------------------------------------
>     *type* Exception report
>     *message*
>     *description* _The server encountered an internal error () that
>     prevented it from fulfilling this request._
>     *exception*
>
>     javax.servlet.ServletException: The CAS server returned no response.
>         org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>
>     *root cause*
>
>     org.jasig.cas.client.validation.TicketValidationException: The CAS server returned no response.
>         org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181)
>         org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>         org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>
>
>     *note* _The full stack trace of the root cause is available in the
>     Apache Tomcat/5.5.27 logs._
>     ------------------------------------------------------------------------
>
>
>           Apache Tomcat/5.5.27
>
>
>
>
>
>     -- 
>     You are currently subscribed to [email protected] 
> <mailto:[email protected]> as: [email protected] 
> <mailto:[email protected]>
>
>
>     To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>

Step 1:  Install Java Version 1.x.x_xx
                a.  Conduct a typical installation (next, next, next)
                b.  Set the JAVA_HOME system environment variable to C:\Program Files\Java\jdk1.6.0_10

Step 2: Use keytool to create a self-signed certificate for the DEMO
                a. Open up a command terminal, go to your JAVA_HOME path and change directory to bin\

                b. You are going to use the keytool command (it creates the self-signed certificate that the servers use to auth).  These are the commands...
                

                c. keytool -genkey -alias tomcat -keypass changeit -keyalg RSA

                Enter keystore password:  changeit (it will not appear as you type so make sure it is correct)
                What is your first and last name?
                  [Unknown]:  localhost (or computer name) (this is critical...must be the accurate server name)
                What is the name of your organizational unit?
                  [Unknown]:  (anything)
                What is the name of your organization?
                  [Unknown]:  (anything)
                What is the name of your City or Locality?
                  [Unknown]:  (anything)
                What is the name of your State or Province?
                  [Unknown]:  (anything)
                What is the two-letter country code for this unit?
                  [Unknown]:  US
                Is CN=localhost, OU=(anything), O=(anything), L=(anything), ST=(anything), C=US correct?
                  [no]:  yes

                d. keytool -export -alias tomcat -keypass changeit -file server.crt
                (this command exports the certificate for the user-created key to the server certificate file)
                Enter Keystore Password: changeit (again, you will not see the letters as you type)
                Certificate stored in file <server.crt>

                e. keytool -import -file server.crt -keypass changeit -keystore ..\jre\lib\security\cacerts
                Enter keystore password:  changeit
                Owner: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
                Issuer: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
                Serial number: 462030d8
                Valid from: Fri Apr 13 15:39:36 HST 2007 until: Thu Jul 12 15:39:36 HST 2007
                Certificate fingerprints:
                         MD5:  CC:3B:FB:FB:AE:12:AD:FB:3E:D5:98:CB:2E:3B:0A:AD
                         SHA1: A1:16:80:68:39:C7:58:EA:2F:48:59:AA:1D:73:5F:56:78:CE:A4:CE
                Trust this certificate? [no]:  yes
                Certificate was added to keystore


        (This part is critical because this is most likely the cacerts file your Tomcat server will look at; X is the Java JRE your Tomcat points to during installation.)
                f. keytool -import -file server.crt -keypass changeit -keystore ..\..\jreX\lib\security\cacerts

                Enter keystore password:  changeit
                Owner: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
                Issuer: CN=localhost, OU=Information Systems, O=Pacific Disaster Center, L=Kihei, ST=HI, C=US
                Serial number: 462030d8
                Valid from: Fri Apr 13 15:39:36 HST 2007 until: Thu Jul 12 15:39:36 HST 2007
                Certificate fingerprints:
                         MD5:  CC:3B:FB:FB:AE:12:AD:FB:3E:D5:98:CB:2E:3B:0A:AD
                         SHA1: A1:16:80:68:39:C7:58:EA:2F:48:59:AA:1D:73:5F:56:78:CE:A4:CE
                Trust this certificate? [no]:  yes
                Certificate was added to keystore

        
Step 3: Install Tomcat
                The default JRE is c:\Program Files\Java\JREX\ That is okay
                Make sure to include the 'Examples'             

Step 4: Configure Tomcat server.xml (located in \Tomcat x.x\conf\)

                Uncomment the connector after <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
                FOR TOMCAT 6.0
                paste this instead
                <Connector port="8443" maxHttpHeaderSize="8192"
                           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                           enableLookups="false" disableUploadTimeout="true"
                           acceptCount="100" scheme="https" secure="true"
                           clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
                           keystoreFile="C:/Documents and Settings/username/.keystore"
                           keystorePass="changeit"
                           truststoreFile="C:/Program Files/Java/jdkX.X.X_XX/jre/lib/security/cacerts" />

                FOR TOMCAT 5.5
                <Connector port="8443" maxHttpHeaderSize="8192"
                           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
                           enableLookups="false" disableUploadTimeout="true"
                           acceptCount="100" scheme="https" secure="true"
                           clientAuth="false" sslProtocol="TLS"
                           keystoreFile="C:/Documents and Settings/username/.keystore"
                           keystorePass="changeit"
                           truststoreFile="C:/Program Files/Java/jdkX.X.X_XX/jre/lib/security/cacerts" />
                           
Step 5: CASify HelloWorld Servlet within the standard examples
                a.  Verify that HelloWorldExample works in your Tomcat server.
                b.  Add the following to web.xml of the examples context (in TOMCAT6 it's webapps\examples\WEB-INF and in TOMCAT5.5 it's servlets-examples).
        <filter>
                <filter-name>CAS Filter</filter-name>
                <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
                <init-param>
                  <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
                  <param-value>https://localhost:8443/cas/login</param-value>
                </init-param>
                <init-param>
                  <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
                  <param-value>https://localhost:8443/cas/serviceValidate</param-value>
                </init-param>
                <init-param>
                  <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
                  <param-value>localhost:8080</param-value>
                </init-param>
        </filter>

        and

                IN TOMCAT6
                <filter-mapping>
                        <filter-name>CAS Filter</filter-name>
                        <url-pattern>/servlets/servlet/HelloWorldExample</url-pattern>
                </filter-mapping>

                IN TOMCAT5
                <filter-mapping>
                        <filter-name>CAS Filter</filter-name>
                        <url-pattern>/servlet/HelloWorldExample</url-pattern>
                </filter-mapping>
                
        
Step 6:  Drop CAS Client jar into the servlets-examples context
                a.  Create the lib directory under servlets-examples/WEB-INF
                b.  Download casclient-2.1.1.zip into
                    C:\Tomcat5.5.23\webapps\servlets-examples\WEB-INF\lib for TOMCAT 5.5 and
                    \Tomcat 6.0\webapps\examples\WEB-INF\lib for TOMCAT 6.0
                c.  RENAME the zip file to jar file.
                d.  Place activemq-4.0.1.jar in the \Tomcat\lib folder


Step 7:  Download and Deploy CAS
                a.  Download the cas-server-3.x.x.zip file.
                b.  Extract it all to c:\cas-server-3.x.x directory.
                c.  Rename cas-server-3.x.x.war to cas.war
                d.  Copy cas.war from C:\cas-server-3.x.x\cas-server-3.x.x\modules (or target) to C:\Tomcat5.5.23\webapps



Step 8: RUN
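
The quoted reply traces the "CAS server returned no response" error to the client JVM's cacerts file, and step 2f stresses importing into the JRE that Tomcat actually runs on. The following check is an added example, not part of the original readme or the CAS project: it reports which truststore the running JRE uses, whether server.crt from step 2d is in it, whether its CN matches the CAS host name, and whether it has expired. The class name CheckCasTrust is hypothetical, and the store password defaults to the readme's changeit.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example, not from the readme. Usage: java CheckCasTrust server.crt localhost
public class CheckCasTrust {
    static X509Certificate loadCert(String path) throws Exception {
        InputStream in = new FileInputStream(path);
        try {   // reads the DER file written by "keytool -export" (PEM also works)
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally { in.close(); }
    }

    // Alias under which cert is stored in the truststore, or null if absent.
    static String findAlias(File store, char[] pass, X509Certificate cert) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(store);
        try { ks.load(in, pass); } finally { in.close(); }
        return ks.getCertificateAlias(cert);
    }

    static String commonName(X509Certificate cert) throws Exception {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType())) return String.valueOf(rdn.getValue());
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2)
            throw new IllegalArgumentException("usage: CheckCasTrust <server.crt> <cas-host> [storepass]");
        char[] pass = (args.length > 2 ? args[2] : "changeit").toCharArray();
        // cacerts of the JRE running this class, unless javax.net.ssl.trustStore overrides it.
        File store = new File(System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts"));
        X509Certificate cert = loadCert(args[0]);
        String alias = findAlias(store, pass, cert), cn = commonName(cert);
        boolean nameOk = args[1].equalsIgnoreCase(cn), expired = cert.getNotAfter().before(new Date());
        System.out.println("JRE home   : " + System.getProperty("java.home"));
        System.out.println("truststore : " + store + (alias == null ? " (certificate NOT present)" : " (alias " + alias + ")"));
        System.out.println("subject CN : " + cn + (nameOk ? "" : " (does not match " + args[1] + ")"));
        System.out.println("not after  : " + cert.getNotAfter() + (expired ? " (EXPIRED)" : ""));
        System.exit(alias != null && nameOk && !expired ? 0 : 1);
    }
}
```

Run it with the java.exe under the JRE that Tomcat was pointed at during installation, since a different JRE on the PATH reads a different cacerts file. keytool's default validity is 90 days, as the "Valid from ... until" lines in the sample output show, so a demo certificate that worked earlier can fail the last check.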
