On Wed, Jan 20, 2010 at 9:21 AM, Giuseppe Sollazzo <[email protected]>wrote:
> Maybe I'm missing something here so forgive my possibly stupid issue :-) > > I'm actually calling the logout entrypoint directly from the browser, to > test it, entering https://myserver/cas-server-webapp-3.3.3/logout. There's > no application involved. Isn't it supposed to work anyway? > Who ever said it didn't work? Part of the process is calling BACK to your applications programmatically to let them know the session ended. CAS doesn't trust the application endpoint when its trying to call back (i.e. you're using a self-signed certificate). > > Giuseppe > > Scott Battaglia wrote: > >> What you're seeing is CAS trying to call back to your services to let them >> know that the CAS session ended. One of the endpoints for your applications >> has a certificate that disagrees with CAS :-) >> >> >> >> On Wed, Jan 20, 2010 at 6:07 AM, Giuseppe Sollazzo >> <[email protected]<mailto: >> [email protected]>> wrote: >> >> Hi everyone, >> I've got a seemingly working install of CAS on Moodle now, after >> solving some issues with phpCAS. >> Nonetheless I get an exception when using logout from CAS, >> invoking https://myserver/cas-server-webapp-3.3.3/logout >> >> I guess this is related to using phpCAS::setNoCasServerValidation()? >> >> Thanks, >> Giuseppe >> >> 2010-01-20 10:55:49,626 ERROR [org.jasig.cas.util.HttpClient] - >> <javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path validation >> failed: java.security.cert.CertPathValidatorException: basic >> constraints check failed: pathLenConstraint violated - this cert >> must be the last cert in the certification path> >> javax.net.ssl.SSLHandshakeException: >> sun.security.validator.ValidatorException: PKIX path validation >> failed: java.security.cert.CertPathValidatorException: basic >> constraints check failed: pathLenConstraint violated - this cert >> must be the last cert in the certification path >> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown >> Source) >> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) >> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) >> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown >> Source) >> at >> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown >> Source) >> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown >> Source) >> at >> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) >> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown >> Source) >> at >> >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown >> Source) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown >> Source) >> at >> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown >> Source) >> at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown >> Source) >> at >> >> >> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown >> Source) >> at >> sun.net.www.protocol.http.HttpURLConnection.followRedirect(Unknown >> Source) >> at >> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown >> Source) >> at >> >> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown >> Source) >> at >> org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:200) >> at >> org.jasig.cas.util.HttpClient$MessageSender.call(HttpClient.java:160) >> at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) >> at java.util.concurrent.FutureTask.run(Unknown Source) >> at >> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) >> at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown >> Source) >> at java.lang.Thread.run(Unknown Source) >> Caused by: sun.security.validator.ValidatorException: PKIX path >> validation failed: java.security.cert.CertPathValidatorException: >> basic constraints check failed: pathLenConstraint violated - this >> cert must be the last cert in the certification path >> at sun.security.validator.PKIXValidator.doValidate(Unknown Source) >> at sun.security.validator.PKIXValidator.doValidate(Unknown Source) >> at sun.security.validator.PKIXValidator.engineValidate(Unknown >> Source) >> at sun.security.validator.Validator.validate(Unknown Source) >> at >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(Unknown >> Source) >> at >> >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown >> Source) >> at >> >> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown >> Source) >> ... 20 more >> Caused by: java.security.cert.CertPathValidatorException: basic >> constraints check failed: pathLenConstraint violated - this cert >> must be the last cert in the certification path >> at >> >> sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown >> Source) >> at >> sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown >> Source) >> at >> >> sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown >> Source) >> at java.security.cert.CertPathValidator.validate(Unknown Source) >> ... 27 more >> >> -- Giuseppe Sollazzo >> Systems Developer / Administrator >> >> Computing Services >> St. George's, University of London >> >> >> -- You are currently subscribed to [email protected] >> <mailto:[email protected]> as: [email protected] >> <mailto:[email protected]> >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > > -- > Giuseppe Sollazzo > Systems Developer / Administrator > > Computing Services > St. George's, University of London > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
