Hey, Scott,
Thanks a lot for the suggestion. I finally found the error log... I was looking
at the wrong managed server... But unfortunately, it didn't make me feel
better: I feel confused about the error log. Here is the error log from my
client application. There are no errors on the CAS server at all.
<Aug 10, 2010 9:53:09 AM CDT> <Error> <HTTP> <BEA-101020> <[servletcont...@13966198[app:casClient module:casClient.war path:/casClient spec-version:2.5]] Servlet failed with Exception
java.lang.RuntimeException: javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
    at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:132)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
    Truncated. see log file for complete stacktrace
javax.net.ssl.SSLKeyException: FATAL Alert:BAD_CERTIFICATE - A corrupt or unuseable certificate was received.
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireException(Unknown Source)
    at com.certicom.tls.interfaceimpl.TLSConnectionImpl.fireAlertSent(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
    at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
    at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
    Truncated. see log file for complete stacktrace
Looks like there is something wrong with the certificate. But the whole system
works very well if I don't use the web proxy. Any suggestions? Thank you very much
in advance....
--Jiangpeng Shi
>>> Scott Battaglia <[email protected]> 8/9/2010 9:06 PM >>>
If you've got a server 500 error then there should be some error message in
the logs.
Cheers,
Scott
On Mon, Aug 9, 2010 at 7:16 PM, Jiangpeng Shi <
[email protected]> wrote:
> I just installed CAS server and some client applications under weblogic
> server. They all work very well when I configure them with the real server
> name. But now I have some issues which I totally have no clue about....
>
> Here is my situation: The CAS server and client apps are deployed on same
> box, and same Application server (Weblogic server) but using different
> managed node.
> So the CAS server's url is: https://cas.mydomain.edu:7001/cas
>
> and Client apps' url are something like:
> https://cas.mydomain.edu:7005/casClient etc.
>
> If I use this url in my client configuration file, then everything works
> very well. But now I need to use a web proxy server to redirect requests for
> alias URLs to those real URLs:
>
> For example, the alias for cas server is: http://server1.utsw.edu/cas This
> URL will be redirected to https://cas.mydomain.edu:7001/cas automatically
> by web proxy server; and
> http://server1.utsw.edu/casClient will be redirected to
> https://cas.mydomain.edu:7005/casClient, etc.
>
> After I configure the web proxy, the first part seems fine: when I type in
> http://server1.utsw.edu/casClient , I was successfully redirected to the client
> page, and when I try to access some pages which need authentication, I was
> successfully redirected to the CAS server's login page. But after I input the user
> name and password, I got Error 500 - Internal server error..... I'm
> pretty sure the authentication passed and I can tell the page has been
> redirected back based on the registered service name, like:
>
>
> https://server1.utsw.edu/casClient/protected/index.jsp?ticket=ST-34-SbrHsjZAQbjcxfbBFwKl-cas
>
>
> I can access all pages which are not filtered by the Authentication
> filter..... and in the CAS log, there are no exceptions....
>
>
> Here is my web.xml in client app:
>
> <filter>
>   <filter-name>CAS Authentication Filter</filter-name>
>   <filter-class>org.jasig.cas.client.authentication.AuthenticationFilter</filter-class>
>   <init-param>
>     <param-name>casServerLoginUrl</param-name>
>     <param-value>https://server1.utsw.edu/cas/login</param-value>
>   </init-param>
>   <init-param>
>     <param-name>serverName</param-name>
>     <param-value>https://server1.utsw.edu</param-value>
>   </init-param>
>   <init-param>
>     <param-name>renew</param-name>
>     <param-value>false</param-value>
>   </init-param>
>   <init-param>
>     <param-name>gateway</param-name>
>     <param-value>false</param-value>
>   </init-param>
> </filter>
>
> <filter>
>   <filter-name>CAS Validation Filter</filter-name>
>   <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
>   <init-param>
>     <param-name>casServerUrlPrefix</param-name>
>     <param-value>https://server1.utsw.edu/cas/</param-value>
>   </init-param>
>   <init-param>
>     <param-name>serverName</param-name>
>     <param-value>https://server1.utsw.edu/casClient</param-value>
>   </init-param>
>
>   <!--
>   <init-param>
>     <param-name>proxyCallbackUrl</param-name>
>     <param-value>https://server1.utsw.edu/casClient</param-value>
>   </init-param>
>   <init-param>
>     <param-name>proxyReceptorUrl</param-name>
>     <param-value>https://server1.utsw.edu/casClient</param-value>
>   </init-param>
>   -->
>
> </filter>
>
> <filter>
>   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>   <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
> </filter>
>
> <filter>
>   <filter-name>CAS Assertion Thread Local Filter</filter-name>
>   <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
> </filter>
>
> <filter-mapping>
>   <filter-name>CAS Authentication Filter</filter-name>
>   <url-pattern>/protected/*</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
>   <filter-name>CAS Validation Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
>   <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
>   <filter-name>CAS Assertion Thread Local Filter</filter-name>
>   <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <filter-mapping>
>   <filter-name>CAS Validation Filter</filter-name>
>   <url-pattern>/proxyCallback</url-pattern>
> </filter-mapping>
>
> Any suggestions are highly appreciated! Thanks a lot in advance....
>
> --Jiangpeng Shi
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
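Added example, not part of the original thread and not code from the CAS project: the stack trace above fails inside the validation filter's own HTTPS request (CommonUtils.getResponseFromServer), which goes to whatever host casServerUrlPrefix names. The sketch below reads a constructed copy of the quoted filter settings and reports the back-channel URL and the host whose certificate the client JVM has to accept; it assumes the default CAS 2.0 /serviceValidate endpoint and a web.xml without an XML namespace.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the CAS init-params from the web.xml quoted above,
# wrapped in a <web-app> root so it parses on its own.
WEB_XML = """<web-app>
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <init-param><param-name>casServerLoginUrl</param-name>
      <param-value>https://server1.utsw.edu/cas/login
      </param-value></init-param>
    <init-param><param-name>serverName</param-name>
      <param-value>https://server1.utsw.edu</param-value></init-param>
  </filter>
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <init-param><param-name>casServerUrlPrefix</param-name>
      <param-value>https://server1.utsw.edu/cas/
      </param-value></init-param>
    <init-param><param-name>serverName</param-name>
      <param-value>https://server1.utsw.edu/casClient
      </param-value></init-param>
  </filter>
</web-app>"""

def cas_params(xml_text):
    """Return {filter-name: {param-name: whitespace-stripped value}}."""
    out = {}
    for f in ET.fromstring(xml_text).iter("filter"):
        out[f.findtext("filter-name").strip()] = {
            p.findtext("param-name").strip(): (p.findtext("param-value") or "").strip()
            for p in f.iter("init-param")}
    return out

def audit(xml_text):
    """Return (back-channel validation URLs, list of findings)."""
    params, urls, findings = cas_params(xml_text), [], []
    for name, p in params.items():
        prefix = p.get("casServerUrlPrefix")
        if prefix:
            # The validation filter requests this URL itself, server to server.
            url = prefix.rstrip("/") + "/serviceValidate"
            urls.append(url)
            u = urlsplit(url)
            if u.scheme == "https":
                findings.append(f"{name}: JVM must trust the certificate served at "
                                f"{u.hostname}:{u.port or 443}")
        # The client builds service URLs as serverName + request URI.
        if urlsplit(p.get("serverName", "")).path not in ("", "/"):
            findings.append(f"{name}: serverName carries a path")
    if len({p["serverName"] for p in params.values() if "serverName" in p}) > 1:
        findings.append("serverName differs between filters")
    return urls, findings
```

The reported host is the web proxy alias, so it is the certificate served on that alias, not the one on the managed server ports, that has to validate and match the hostname from inside WebLogic.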