It would be better if u send ur email in english. Date: Mon, 21 Feb 2011 09:02:31 +0000 From: [email protected] Subject: [cas-user] CAS SSO with Liferay in load balancer mode To: [email protected]
Bonsoir. J’ai eu un problème lors de la mise en prod d'une application a base de lifray 5.2.3 l'environnement du prod est constitué de 4 machines : machine front-end : java : jdk 1.5.0_09_b03 serveur apache : httpd-2.2.16 configurer en mode proxy a fin de gérer le load balancer deux instance de l'application tomcat 6.0.26 /CAS 3.4.3.1 : a fin d'intégrer la SSO. machine back-end 1: tomcat 6.0.18 /lifray 5.2.3 machine back-end 2: tomcat 6.0.18 /lifray 5.2.3 machine DB : Mysql,openLDAP pour l'intégration du CAS avec lifray ce dernier a besoin d'une connexion https, donc j'ai crée une certificat ssl sur la machine front-end a l'aide keytool comme suit : $JAVAHOME/keytool -genkey -alias tomcat -keyalg RSA $JAVAHOME/keytool -export -alias tomcat -file server.cert $JAVAHOME/keytool -import -alias tomcat -file server.cert -keystore $JAVAHOME/jre/lib/security/cacerts ainsi la configuration de lifray/CAS est la suivant : Autorisé : true URL d'accueil : https://xx.xx.xx.xx:8443/cas/login URL de déconnexion : https://xx.xx.xx.xx:8443/cas/logout Nom Du Serveur : http://xx.xx.xx.xx/c/portal/login Valider l'URL : https://xx.xx.xx.xx:8443/cas/proxyValidate après cette configuration j'essai d'accéder a l'application avec l'url : http://xx.xx.xx.xx/c/portal/login ,j'ai une redirection vers https://xx.xx.xx.xx:8443/cas/login ,une fois je saisie le login et mot de pass, j'ai l'erreur suivant si parmi vous les Sqlien quelle qu'un qui peut m'aider: HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://10.128.8.120:8443/cas/proxyValidate] ticket=[ST-3-lnjh6Y01NK5agNw5vBrl-cas] service=[http%3A%2F%2F10.128.8.120%2Fc%2Fportal%2Flogin] renew=false]]] edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381) com.liferay.portal.servlet.filters.sso.cas.CASFilter.processFilter(CASFilter.java:139) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:182) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.threadlocalcache.ThreadLocalCacheFilter.processFilter(ThreadLocalCacheFilter.java:51) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:115) org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738) root cause edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://10.128.8.120:8443/cas/proxyValidate] ticket=[ST-3-lnjh6Y01NK5agNw5vBrl-cas] service=[http%3A%2F%2F10.128.8.120%2Fc%2Fportal%2Flogin] renew=false]]] edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) com.liferay.portal.servlet.filters.sso.cas.CASFilter.processFilter(CASFilter.java:139) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:182) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.threadlocalcache.ThreadLocalCacheFilter.processFilter(ThreadLocalCacheFilter.java:51) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:115) org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738) root cause javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848) com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:917) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) com.liferay.portal.servlet.filters.sso.cas.CASFilter.processFilter(CASFilter.java:139) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:182) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.threadlocalcache.ThreadLocalCacheFilter.processFilter(ThreadLocalCacheFilter.java:51) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:115) org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738) root cause sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) sun.security.validator.Validator.validate(Validator.java:203) com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841) com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:917) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) com.liferay.portal.servlet.filters.sso.cas.CASFilter.processFilter(CASFilter.java:139) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:182) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.threadlocalcache.ThreadLocalCacheFilter.processFilter(ThreadLocalCacheFilter.java:51) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:115) org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738) root cause sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236) java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) sun.security.validator.Validator.validate(Validator.java:203) com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172) com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320) com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841) com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106) com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818) com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057) com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041) sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402) sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:917) sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) com.liferay.portal.servlet.filters.sso.cas.CASFilter.processFilter(CASFilter.java:139) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.processFilter(VirtualHostFilter.java:182) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.servlet.filters.threadlocalcache.ThreadLocalCacheFilter.processFilter(ThreadLocalCacheFilter.java:51) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:112) com.liferay.portal.kernel.servlet.BaseFilter.processFilter(BaseFilter.java:185) com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:115) org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:738) note The full stack trace of the root cause is available in the Apache Tomcat/6.0.18 logs. Apache Tomcat/6.0.1 -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
