I am trying to set up authentication between CAS and a Java app running
Spring Security. I have the Spring Security sample app working fine.
Accessing a protected resource in my app sends the user to CAS to log in.
After submitting the username/login, the following appears on the
application console:

 

2010-03-15 13:38:54,209 DEBUG [FilterChainProxy.java:176] : Converted URL to
lowercase, from: '/j_spring_cas_security_check'; to:
'/j_spring_cas_security_check'

2010-03-15 13:38:54,209 DEBUG [FilterChainProxy.java:183] : Candidate is:
'/j_spring_cas_security_check'; pattern is /**; matched=true

2010-03-15 13:38:54,209 DEBUG [FilterChainProxy.java:351] :
/j_spring_cas_security_check?ticket=ST-2-v2PGCXkcce2zBSGDk2Gl-cas at
position 1 of 10 in additional filter chain; firing Filter:
'org.springframework.security.web.access.channel.channelprocessingfil...@1bc
2e06'

2010-03-15 13:38:54,209 DEBUG
[DefaultFilterInvocationSecurityMetadataSource.java:177] : Converted URL to
lowercase, from: '/j_spring_cas_security_check'; to:
'/j_spring_cas_security_check'

2010-03-15 13:38:54,209 DEBUG
[DefaultFilterInvocationSecurityMetadataSource.java:204] : Candidate is:
'/j_spring_cas_security_check'; pattern is /secure/extreme/**; matched=false

2010-03-15 13:38:54,209 DEBUG [FilterChainProxy.java:351] :
/j_spring_cas_security_check?ticket=ST-2-v2PGCXkcce2zBSGDk2Gl-cas at
position 2 of 10 in additional filter chain; firing Filter:
'org.springframework.security.web.context.securitycontextpersistencefil...@1
7193fc'

2010-03-15 13:38:54,209 DEBUG [CommonsLogger.java:57] : Entering
nullPropertyValue
[target=[com.opensymphony.xwork2.defaulttextprovi...@7d5b6e],
property=__spring_security_scpf_applied]

2010-03-15 13:38:54,209 DEBUG
[HttpSessionSecurityContextRepository.java:142] : HttpSession returned null
object for SPRING_SECURITY_CONTEXT

2010-03-15 13:38:54,209 DEBUG [HttpSessionSecurityContextRepository.java:88]
: No SecurityContext was available from the HttpSession:
org.mortbay.jetty.servlet.HashSessionManager$Session:6p95x6amy...@30085752.
A new one will be created.

2010-03-15 13:38:54,209 DEBUG [FilterChainProxy.java:351] :
/j_spring_cas_security_check?ticket=ST-2-v2PGCXkcce2zBSGDk2Gl-cas at
position 3 of 10 in additional filter chain; firing Filter:
'org.springframework.security.web.authentication.logout.logoutfil...@115798c
'

2010-03-15 13:38:54,209 DEBUG [FilterChainProxy.java:351] :
/j_spring_cas_security_check?ticket=ST-2-v2PGCXkcce2zBSGDk2Gl-cas at
position 4 of 10 in additional filter chain; firing Filter:
'org.springframework.security.cas.web.casauthenticationfil...@df0c3a'

2010-03-15 13:38:54,209 DEBUG
[AbstractAuthenticationProcessingFilter.java:194] : Request is to process
authentication

2010-03-15 13:38:54,209 DEBUG [ProviderManager.java:118] : Authentication
attempt using
org.springframework.security.cas.authentication.CasAuthenticationProvider

2010-03-15 13:38:54,443 ERROR
[AbstractCasProtocolUrlBasedTicketValidator.java:49] :
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

                at
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)

 

 

 

The only difference I can see between the keystore/truststore I created and
the one included in the sample app is that in mine, both keys provided are
the same, while there are two keys in the sample app's keystore/truststore.

 

I have tried using the SSL keystore/truststore used in the sample app, but I
have the same error as when I use my own keys. I don't understand why the
keys supplied work fine for the sample app, but using the exact same keys
for my app causes the above error message.

 

Can anyone help clarify what steps I need to take to resolve the SSL
certificate problem? 

 

 

Regards,

Lance Hill

