Re: [cas-user] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator

Fri, 25 Mar 2011 14:55:25 -0700 

On Fri, 25 Mar 2011, mike wrote:


Hey everyone its your favorite poster! :)
I'm setting up Alfresco to auth with CAS and i have added all the required CERTS into the cacerts, I've got CAS server already validating agianst AD, I've got alfresco up and running on its own. I changed the filters in alfresco to use cas for authing. When i go to the alfresco login page it redirects me to CAS and if i enter the incorrect user info, it'll tell me that the user isn't valid. When i enter hte correct info, however, it gives me the below error. The cas.log doesn't show any errors, this is from the alfresco tomcat logs. I've searched online and have completed all suggestions of certificaiton issues, adding the ip's to the system32/drivers/etc/hosts file, checking ports, etc etc.... does anyone else have any suggestions? this is driving me insane! Thanks all for your patients and kindness! 


edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate 
ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator 
proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator 
casValidateUrl=[https://122.143.4.205:8443/cas/serviceValidate] 
ticket=[ST-1-ZmikwgPnKzVwXBM6eHGz-cas] 
service=[http%3A%2F%2F122.143.4.202%3A8080%2Falfresco%2Ffaces%2Fjsp%2Flogin.jsp]
 renew=false]]]
caused by:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
caused by:
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
caused by:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
Hide Details
You're using an IP address instead of a hostname, so the CAS client is unable to validate the server certificate. 

        Andy

--
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user

Reply via email to