I'm working through the Demo at http://www.ja-sig.org/wiki/display/CASUM/Demo
and Tomcat is throwing a 500 error. :-(
The server is running RHEL 5.3 with the IBM Java.
[~] $ java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition
(build pxa64dev-20090707 (SR10))
IBM J9 VM build 2.3, J2RE 1.5.0 IBM J9 2.3
Linux amd64-64 j9vmxa6423-20090707 (JIT enabled)
J9VM - 20090706_38445_LHdSMr
JIT - 20090623_1334_r8
GC - 200906_09
JCL - 20090705
CAS is running I can use the default login/out URLs and
see the green "successful" messages.
I've attached the web.xml file with the CAS filter
declarations and the 500 error message with the stack
trace.
Something to do with the "PKIX path building failed" ...
"unable to find valid certification path to requested target"
???
Suggestions please.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
Licensed to the Apache Software Foundation (ASF) under one or more
contributor license agreements. See the NOTICE file distributed with
this work for additional information regarding copyright ownership.
The ASF licenses this file to You under the Apache License, Version 2.0
(the "License"); you may not use this file except in compliance with
the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<web-app xmlns="http://java.sun.com/xml/ns/j2ee";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd";
version="2.4">
<display-name>Servlet 2.4 Examples</display-name>
<description>
Servlet 2.4 Examples.
</description>
<!-- Define servlet-mapped and path-mapped example filters -->
<filter>
<filter-name>Servlet Mapped Filter</filter-name>
<filter-class>filters.ExampleFilter</filter-class>
<init-param>
<param-name>attribute</param-name>
<param-value>filters.ExampleFilter.SERVLET_MAPPED</param-value>
</init-param>
</filter>
<filter>
<filter-name>Path Mapped Filter</filter-name>
<filter-class>filters.ExampleFilter</filter-class>
<init-param>
<param-name>attribute</param-name>
<param-value>filters.ExampleFilter.PATH_MAPPED</param-value>
</init-param>
</filter>
<filter>
<filter-name>Request Dumper Filter</filter-name>
<filter-class>filters.RequestDumperFilter</filter-class>
</filter>
<!-- Example filter to set character encoding on each request -->
<filter>
<filter-name>Set Character Encoding</filter-name>
<filter-class>filters.SetCharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>EUC_JP</param-value>
</init-param>
</filter>
<filter>
<filter-name>Compression Filter</filter-name>
<filter-class>compressionFilters.CompressionFilter</filter-class>
<init-param>
<param-name>compressionThreshold</param-name>
<param-value>10</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>0</param-value>
</init-param>
</filter>
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://jordan.bccampus.ca/cas/login</param-value> <!-- :8443 -->
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value>https://jordan.bccampus.ca/cas/serviceValidate</param-value> <!-- :8443 -->
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
<param-value>jordan.bccampus.ca</param-value> <!-- :8080 -->
</init-param>
</filter>
<!-- Define filter mappings for the defined filters -->
<filter-mapping>
<filter-name>Servlet Mapped Filter</filter-name>
<servlet-name>invoker</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>Path Mapped Filter</filter-name>
<url-pattern>/servlet/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/servlet/HelloWorldExample</url-pattern>
</filter-mapping>
<!-- Example filter mapping to apply the "Set Character Encoding" filter
to *all* requests processed by this web application -->
<!--
<filter-mapping>
<filter-name>Set Character Encoding</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!--
<filter-mapping>
<filter-name>Compression Filter</filter-name>
<url-pattern>/CompressionTest</url-pattern>
</filter-mapping>
-->
<!--
<filter-mapping>
<filter-name>Request Dumper Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!-- Define example application events listeners -->
<listener>
<listener-class>listeners.ContextListener</listener-class>
</listener>
<listener>
<listener-class>listeners.SessionListener</listener-class>
</listener>
<!-- Define servlets that are included in the example application -->
<servlet>
<servlet-name>CompressionFilterTestServlet</servlet-name>
<servlet-class>compressionFilters.CompressionFilterTestServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>HelloWorldExample</servlet-name>
<servlet-class>HelloWorldExample</servlet-class>
</servlet>
<servlet>
<servlet-name>RequestInfoExample</servlet-name>
<servlet-class>RequestInfoExample</servlet-class>
</servlet>
<servlet>
<servlet-name>RequestHeaderExample</servlet-name>
<servlet-class>RequestHeaderExample</servlet-class>
</servlet>
<servlet>
<servlet-name>RequestParamExample</servlet-name>
<servlet-class>RequestParamExample</servlet-class>
</servlet>
<servlet>
<servlet-name>CookieExample</servlet-name>
<servlet-class>CookieExample</servlet-class>
</servlet>
<servlet>
<servlet-name>SessionExample</servlet-name>
<servlet-class>SessionExample</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CompressionFilterTestServlet</servlet-name>
<url-pattern>/CompressionTest</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>HelloWorldExample</servlet-name>
<url-pattern>/servlet/HelloWorldExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RequestInfoExample</servlet-name>
<url-pattern>/servlet/RequestInfoExample/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RequestHeaderExample</servlet-name>
<url-pattern>/servlet/RequestHeaderExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>RequestParamExample</servlet-name>
<url-pattern>/servlet/RequestParamExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CookieExample</servlet-name>
<url-pattern>/servlet/CookieExample</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SessionExample</servlet-name>
<url-pattern>/servlet/SessionExample</url-pattern>
</servlet-mapping>
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/security/protected/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>role1</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/security/protected/login.jsp</form-login-page>
<form-error-page>/jsp/security/protected/error.jsp</form-error-page>
</form-login-config>
</login-config>
<!-- Security roles referenced by this web application -->
<security-role>
<role-name>role1</role-name>
</security-role>
<security-role>
<role-name>tomcat</role-name>
</security-role>
<!-- Environment entry examples -->
<!--env-entry>
<env-entry-description>
The maximum number of tax exemptions allowed to be set.
</env-entry-description>
<env-entry-name>maxExemptions</env-entry-name>
<env-entry-value>15</env-entry-value>
<env-entry-type>java.lang.Integer</env-entry-type>
</env-entry-->
<env-entry>
<env-entry-name>minExemptions</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>1</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>foo/name1</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>value1</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>foo/bar/name2</env-entry-name>
<env-entry-type>java.lang.Boolean</env-entry-type>
<env-entry-value>true</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>name3</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>1</env-entry-value>
</env-entry>
<env-entry>
<env-entry-name>foo/name4</env-entry-name>
<env-entry-type>java.lang.Integer</env-entry-type>
<env-entry-value>10</env-entry-value>
</env-entry>
</web-app>
Title: Apache Tomcat/5.5.23 - Error report
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://jordan.bccampus.ca/cas/serviceValidate] ticket=[ST-6-nvCOGCdgwpJsIuLSeD21-cas] service=[http%3A%2F%2Fjordan.bccampus.ca%2Fservlets-examples%2Fservlet%2FHelloWorldExample] renew=false]]] edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381) filters.ExampleFilter.doFilter(ExampleFilter.java:102)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://jordan.bccampus.ca/cas/serviceValidate] ticket=[ST-6-nvCOGCdgwpJsIuLSeD21-cas] service=[http%3A%2F%2Fjordan.bccampus.ca%2Fservlets-examples%2Fservlet%2FHelloWorldExample] renew=false]]] edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) filters.ExampleFilter.doFilter(ExampleFilter.java:102)
root cause
javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target com.ibm.jsse2.n.a(n.java:3) com.ibm.jsse2.jc.a(jc.java:501) com.ibm.jsse2.db.a(db.java:144) com.ibm.jsse2.db.a(db.java:416) com.ibm.jsse2.eb.a(eb.java:89) com.ibm.jsse2.eb.a(eb.java:291) com.ibm.jsse2.db.m(db.java:192) com.ibm.jsse2.db.a(db.java:79) com.ibm.jsse2.jc.a(jc.java:184) com.ibm.jsse2.jc.g(jc.java:257) com.ibm.jsse2.jc.a(jc.java:361) com.ibm.jsse2.jc.startHandshake(jc.java:304) com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:125) com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:28) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:959) com.ibm.net.ssl.www2.protocol.https.a.getInputStream(a.java:34) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) filters.ExampleFilter.doFilter(ExampleFilter.java:102)
root cause
com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target com.ibm.jsse2.util.f.b(f.java:49) com.ibm.jsse2.util.f.b(f.java:16) com.ibm.jsse2.util.e.a(e.java:2) com.ibm.jsse2.yb.checkServerTrusted(yb.java:46) com.ibm.jsse2.hb.checkServerTrusted(hb.java:22) com.ibm.jsse2.eb.a(eb.java:8) com.ibm.jsse2.eb.a(eb.java:291) com.ibm.jsse2.db.m(db.java:192) com.ibm.jsse2.db.a(db.java:79) com.ibm.jsse2.jc.a(jc.java:184) com.ibm.jsse2.jc.g(jc.java:257) com.ibm.jsse2.jc.a(jc.java:361) com.ibm.jsse2.jc.startHandshake(jc.java:304) com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:125) com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:28) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:959) com.ibm.net.ssl.www2.protocol.https.a.getInputStream(a.java:34) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) filters.ExampleFilter.doFilter(ExampleFilter.java:102)
root cause
java.security.cert.CertPathBuilderException: unable to find valid certification path to requested target com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:379) com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:195) java.security.cert.CertPathBuilder.build(CertPathBuilder.java:215) com.ibm.jsse2.util.f.b(f.java:82) com.ibm.jsse2.util.f.b(f.java:16) com.ibm.jsse2.util.e.a(e.java:2) com.ibm.jsse2.yb.checkServerTrusted(yb.java:46) com.ibm.jsse2.hb.checkServerTrusted(hb.java:22) com.ibm.jsse2.eb.a(eb.java:8) com.ibm.jsse2.eb.a(eb.java:291) com.ibm.jsse2.db.m(db.java:192) com.ibm.jsse2.db.a(db.java:79) com.ibm.jsse2.jc.a(jc.java:184) com.ibm.jsse2.jc.g(jc.java:257) com.ibm.jsse2.jc.a(jc.java:361) com.ibm.jsse2.jc.startHandshake(jc.java:304) com.ibm.net.ssl.www2.protocol.https.b.afterConnect(b.java:125) com.ibm.net.ssl.www2.protocol.https.c.connect(c.java:28) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:959) com.ibm.net.ssl.www2.protocol.https.a.getInputStream(a.java:34) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) filters.ExampleFilter.doFilter(ExampleFilter.java:102)
note The full stack trace of the root cause is available in the Apache Tomcat/5.5.23 logs.
