> CAS Server has a thawte signed certificate, Liferay server has the cert > expectedly add to cacerts and the debug shows it in the trust list
It's likely a proxy callback issue with the portal attempting to request a proxy ticket and CAS fails to validate the proxy callback URL presented by the portal. In that case the CAS _server_ must trust the certificate presented by the portal, so you'd need to import the cert of the portal into the CAS server truststore. If other services are working against this new CAS instance, I think that's further evidence since the portal is likely the only one that is requesting proxy. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
