Re: [cas-user] CAS SSO server.xml

Tue, 28 Jul 2009 16:24:33 -0700 

You have to figure out the JRE_HOME for your client.  If you are using a 
JDK, it's the 'fre' directory in the JDK.  For Java Runtime, it's that 
Java directory.

The file you want to update is <JRE_HOME>/lib/security/cacerts.  You'll 
want to use the <JRE_HOME>/bin/keytool to avoid version conflicts.

In Linux, I'd do something like:

    cd <JRE_HOME>/lib/security
    ../../bin/keytool -importcert -alias dev-tomcat -file <cert_file> 
-keystore cacerts -keypass changeit

That's from memory so your mileage may vary.

Good luck!

Benito J. Gonzalez
Enterprise Web Applications Supervisor
Information Technology Department
University of California, Merced
Desk: 209.228.2974
Cell: 209.201.5052
Email: [email protected]



Abdellatif HAROUS wrote:
> scott could u plz tell me where is this file that I should add to it 
> the certificate , like the path of this file
>
> ur help is really appreciated
>
> ------------------------------------------------------------------------
> Date: Tue, 28 Jul 2009 09:20:05 -0400
> From: [email protected]
> Subject: Re: [cas-user] CAS SSO server.xml
> To: [email protected]
>
> You're getting an error from a CAS client which means you haven't 
> added the certificate to your client JVM's cacerts file.
>
>
> 2009/7/28 Abdellatif HAROUS <[email protected] 
> <mailto:[email protected]>>
>
>     hi all ......
>
>     these three file which got generated for the certificate
>     key.der , cert.der , .keystore ......
>     for key store file attributr I should be pointing to .keystore
>     and I am saying "keystore\.keystore" , cause I created a folder
>     with the name keystore
>
>     C:\Program Files\Apache\apache-tomcat-5.5.27\keystore
>
>     I dont know really why it is not working like in http every thing
>     use to worlk expect for SSO , but know in https
>      I manage to get only CAs login page then after I enter
>     credentials this error appears
>
>
>     <Connector port="8443"           
>                    keystorePass = "*****"
>                    keystoreFile = "keystore\.keystore"
>                    minProcessors="5 maxProcessors="75"
>                    enableLookups="true" disableUploadTimeout="true"
>                    acceptCount="100" debug="0"  scheme="https"
>     secure="true"
>                    clientAuth="false" sslProtocol="TLS" />
>
>
>       HTTP Status 500 -
>
>     ------------------------------------------------------------------------
>     *type* Exception report
>     *message*
>     *description* _The server encountered an internal error () that
>     prevented it from fulfilling this request._
>     *exception*
>
>     javax.servlet.ServletException: The CAS server returned no response.
>       
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:155)
>         
>
>     *root cause*
>
>     org.jasig.cas.client.validation.TicketValidationException: The CAS server 
> returned no response.
>       
> org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:181)
>
>
>       
> org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
>       
> org.jasig.cas.client.authentication.AuthenticationFilter.doFilter(AuthenticationFilter.java:111)
>         
>
>     *note* _The full stack trace of the root cause is available in the
>     Apache Tomcat/5.5.27 logs._
>     ------------------------------------------------------------------------
>
>
>           Apache Tomcat/5.5.27
>
>
>
>     ------------------------------------------------------------------------
>     With Windows Live, you can organize, edit, and share your photos.
>     
> <http://www.microsoft.com/middleeast/windows/windowslive/products/photo-gallery-edit.aspx>
>
>
>     -- 
>     You are currently subscribed to [email protected] 
> <mailto:[email protected]> as: [email protected] 
> <mailto:[email protected]>
>
>
>     To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
> ------------------------------------------------------------------------
> check out the rest of the Windows Live�. More than mail�Windows Live� 
> goes way beyond your inbox. More than messages 
> <http://www.microsoft.com/windows/windowslive/>
> -- 
> You are currently subscribed to [email protected] as: 
> [email protected]
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-user


-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to