> The problem is below:
>
>> keyStore is : /usr/lib/jvm/java-6-sun-1.6.0.20/jre/lib/security/cacerts
>> keyStore type is : BKS
>> keyStore provider is :
>> init keystore
>> default context init failed: java.security.KeyStoreException: BKS not found
>
> The BKS keystore type is for the Bouncy Castle crypto provider.
> Change to JKS and that should resolve that particular problem. It's
> interesting that you appear to have a good TLS handshake in your SSL
> trace, which I would not expect based on the keystore type problem.

I realized this and changed BKS to JKS, and now I'm getting this output
in the log file when trying to log in:

http-8443-1, READ: TLSv1 Application Data, length = 944
2010-08-17 19:16:47,052 DEBUG [org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler] - <Performing LDAP bind with credential: uid=joell,ou=People,dc=mydomain,dc=org>
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1281999615 bytes = { 68, 22, 97, 44, 230, 231, 151, 74, 68, 24, 187, 241, 235, 72, 196, 58, 97, 136, 96, 205, 86, 156, 159, 89, 76, 20, 79, 103 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5,
SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA,
SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA,
SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
http-8443-1, WRITE: TLSv1 Handshake, length = 73
http-8443-1, WRITE: SSLv2 client hello message, length = 98
http-8443-1, received EOFException: error
http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-8443-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-8443-1, WRITE: TLSv1 Alert, length = 2
http-8443-1, called closeSocket()
2010-08-17 19:16:47,056 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.FastBindLdapAuthenticationHandler failed to authenticate the user which provided the following credentials: [username: joel]>
2010-08-17 19:16:47,056 DEBUG [org.jasig.cas.web.support.CasArgumentExtractor] - <Extractor did not generate service.>
2010-08-17 19:16:47,060 DEBUG [org.jasig.cas.web.support.SamlArgumentExtractor] - <Extractor did not generate service.>
http-8443-1, WRITE: TLSv1 Application Data, length = 288
http-8443-1, WRITE: TLSv1 Application Data, length = 5200

It seems that there is some problem with the certificates (cause the EOF
error), but I don't understand: I imported the LDAP and CA certificates
(I'm using self-signed certificates) into the JVM keystore, and even when
I do: keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts
both of them appear as trustedCertEntry.


> M
> 

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
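
Added example (not part of the original message, and not CAS or JSSE code): a Python triage of a javax.net.debug trace like the one above. It reports the last handshake message seen before the exception, whether a server certificate had been received at that point, and which offered suites are export-grade, single-DES, RC4 or MD5. The sample trace is constructed from the log in the message with the cipher list shortened; the stage names assume the legacy "*** Message" debug format.

```python
import re

# Constructed sample: the handshake portion of the trace in the message above,
# with wrapped lines rejoined and the cipher-suite list shortened.
TRACE = """\
%% No cached client session
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5]
***
http-8443-1, WRITE: TLSv1 Handshake, length = 73
http-8443-1, WRITE: SSLv2 client hello message, length = 98
http-8443-1, received EOFException: error
http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-8443-1, SEND TLSv1 ALERT:  fatal, description = handshake_failure
"""

# Handshake messages in the order a client sees them. Names follow the
# "*** <Message>" markers of the legacy javax.net.debug output (assumption:
# the trace being triaged uses that format, as the one above does).
STAGES = ["ClientHello", "ServerHello", "Certificate chain", "ServerHelloDone", "Finished"]
MARKER = re.compile(r"^\*\*\* (%s)\b" % "|".join(STAGES))
FAILURE = re.compile(r"handling exception: (\S+): (.*)$")
WEAK = re.compile(r"_EXPORT_|_DES_CBC_|_DES40_|_RC4_|_MD5$|_NULL_")
SUITES = "Cipher Suites: ["


def triage(trace):
    """Return where the handshake stopped and what had happened by then."""
    seen, failure, offered = [], None, []
    for line in trace.splitlines():
        marker, fail = MARKER.match(line), FAILURE.search(line)
        if marker:
            seen.append(marker.group(1))
        elif line.startswith(SUITES):
            offered = line[len(SUITES):].rstrip("]").split(", ")
        elif fail:
            failure = fail.groups()  # (exception class, message)
            break
    return {
        "last_message": seen[-1] if seen else None,
        "failure": failure,
        # The server's certificate arrives after ServerHello, so a failure
        # before that point occurred before the trust store was consulted.
        "server_cert_received": "Certificate chain" in seen,
        "weak_suites_offered": [s for s in offered if WEAK.search(s)],
    }


if __name__ == "__main__":
    for key, value in triage(TRACE).items():
        print(f"{key}: {value}")
```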
