Resolved. It was a Liferay/Migration issue.
Previously to version 6 liferay had a property "cas.validate.url" which point to your cas server and the full url to proxyValidate, Liferay has now depreciated this property and added "cas.server.url" which is basically the same value except they append /proxyValidate to it. Unfortunately the official Liferay admin manual still documents the old properties, the GUI screen for setting up cas inside the control panel has the new fields with no explanation of the usage, the migration didn't convert the depreciated property to the new property, and even the comments in the source property file doesn't document the change. -Andrew On Feb 21, 2011, at 12:26 PM, Marvin Addison wrote: >> CAS Server has a thawte signed certificate, Liferay server has the cert >> expectedly add to cacerts and the debug shows it in the trust list > > It's likely a proxy callback issue with the portal attempting to > request a proxy ticket and CAS fails to validate the proxy callback > URL presented by the portal. In that case the CAS _server_ must trust > the certificate presented by the portal, so you'd need to import the > cert of the portal into the CAS server truststore. If other services > are working against this new CAS instance, I think that's further > evidence since the portal is likely the only one that is requesting > proxy. > > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
