Hello everyone,
I set up a CAS 3.4.6 server in Tomcat 7.0.5 from XAMPP pack, on Windows 7
X64. When I tried to move this same setup to a system running Win 7 x86. I
used copy / paste. XAMPP can be copied like that, in my knowledge. After I
setup again https comunication in tomcat everything works fine until I get
to validate my credentials against the LDAP, Apache DS set up following your
instructions at:
https://wiki.jasig.org/display/CASUM/CAS+on+Windows+Quick+Setup+Guide
If I type in a wrong combination of credentials it works fine letting me
know that my credentials are wrong. but when i type in the correct ones, i
get the following error
( catalina.log ) :
29.05.2011 20:15:05 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal
performance in production environments was not found on the
java.library.path: D:\Program
Files\Java\jdk1.6.0_24\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\Program
Files\PC Connectivity
Solution\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;D:\Program
Files\ATI Technologies\ATI.ACE\Core-Static
29.05.2011 20:15:06 org.apache.catalina.startup.SetAllPropertiesRule begin
WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property
'maxSpareThreads' to '75' did not find a matching property.
29.05.2011 20:15:06 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
29.05.2011 20:15:07 org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
29.05.2011 20:15:07 org.apache.coyote.ajp.AjpProtocol init
INFO: Initializing Coyote AJP/1.3 on ajp-8009
29.05.2011 20:15:07 org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1516 ms
29.05.2011 20:15:07 org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
29.05.2011 20:15:07 org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.5
29.05.2011 20:15:07 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory cas
29.05.2011 20:15:18 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory casclient1
29.05.2011 20:15:18 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory CasSpringsecurityExample
29.05.2011 20:15:18 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
29.05.2011 20:15:19 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
29.05.2011 20:15:19 org.apache.catalina.startup.TaglibUriRule body
INFO: TLD skipped. URI: /SimpleTagLibrary is already defined
29.05.2011 20:15:19 org.apache.catalina.startup.TaglibUriRule body
INFO: TLD skipped. URI: http://tomcat.apache.org/example-taglib is already
defined
29.05.2011 20:15:20 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory host-manager
29.05.2011 20:15:20 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory manager
29.05.2011 20:15:20 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
29.05.2011 20:15:20 org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory spring-security-cas
29.05.2011 20:15:21 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8080
29.05.2011 20:15:21 org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8443
29.05.2011 20:15:21 org.apache.coyote.ajp.AjpProtocol start
INFO: Starting Coyote AJP/1.3 on ajp-8009
29.05.2011 20:15:21 org.apache.catalina.startup.Catalina start
INFO: Server startup in 13913 ms
29.05.2011 20:15:40 edu.yale.its.tp.cas.client.CASReceipt getReceipt
SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://localhost:8443/cas/serviceValidate]
ticket=[ST-1-7rggFSeF5fjS4dfywGi5-cas]
service=[https%3A%2F%2Flocalhost%3A8443%2Fexamples%2Fservlets%2Fservlet%2FRequestInfoExample]
renew=false]]]
29.05.2011 20:15:40 edu.yale.its.tp.cas.client.filter.CASFilter doFilter
SEVERE: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://localhost:8443/cas/serviceValidate]
ticket=[ST-1-7rggFSeF5fjS4dfywGi5-cas]
service=[https%3A%2F%2Flocalhost%3A8443%2Fexamples%2Fservlets%2Fservlet%2FRequestInfoExample]
renew=false]]]
29.05.2011 20:15:48 org.apache.catalina.core.StandardServer await
INFO: A valid shutdown command was received via the shutdown port. Stopping
the Server instance.
29.05.2011 20:15:49 org.apache.coyote.http11.AbstractHttp11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8080
29.05.2011 20:15:50 org.apache.coyote.http11.AbstractHttp11Protocol pause
INFO: Pausing Coyote HTTP/1.1 on http-8443
29.05.2011 20:15:51 org.apache.coyote.ajp.AbstractAjpProtocol pause
INFO: Pausing Coyote AJP/1.3 on ajp-8009
29.05.2011 20:15:51 org.apache.catalina.core.StandardService stopInternal
INFO: Stopping service Catalina
29.05.2011 20:16:11 org.apache.catalina.loader.WebappClassLoader
clearReferencesThreads
SEVERE: The web application [/cas] appears to have started a thread named
[Thread-2] but has failed to stop it. This is very likely to create a memory
leak.
29.05.2011 20:16:11 org.apache.catalina.loader.WebappClassLoader
clearReferencesThreads
SEVERE: The web application [/cas] appears to have started a thread named
[Thread-4] but has failed to stop it. This is very likely to create a memory
leak.
29.05.2011 20:16:11 org.apache.coyote.http11.AbstractHttp11Protocol stop
INFO: Stopping Coyote HTTP/1.1 on http-8080
29.05.2011 20:16:11 org.apache.coyote.http11.AbstractHttp11Protocol stop
INFO: Stopping Coyote HTTP/1.1 on http-8443
29.05.2011 20:16:11 org.apache.coyote.ajp.AbstractAjpProtocol stop
INFO: Stopping Coyote AJP/1.3 on ajp-8009
( localhost.log ) is next:
29.05.2011 20:15:08 org.apache.catalina.core.ApplicationContext log
INFO: Initializing log4j from [classpath:log4j.xml]
29.05.2011 20:15:08 org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring root WebApplicationContext
29.05.2011 20:15:15 org.apache.catalina.core.ApplicationContext log
INFO: Initializing Spring FrameworkServlet 'cas'
29.05.2011 20:15:20 org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
29.05.2011 20:15:20 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
29.05.2011 20:15:33 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: sessionCreated('2CFC2EE5FB95BFAE20F185AA59988437')
29.05.2011 20:15:33 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: attributeAdded('2CFC2EE5FB95BFAE20F185AA59988437',
'edu.yale.its.tp.cas.client.filter.didGateway', 'true')
29.05.2011 20:15:40 org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [RequestInfoExample] in context with
path [/examples] threw exception
[edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/serviceValidate]
ticket=[ST-1-7rggFSeF5fjS4dfywGi5-cas]
service=[https%3A%2F%2Flocalhost%3A8443%2Fexamples%2Fservlets%2Fservlet%2FRequestInfoExample]
renew=false]]]] with root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
at sun.security.validator.Validator.validate(Validator.java:218)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
at
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
at
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
at
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:244)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:468)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:108)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:558)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:379)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:259)
at
org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:281)
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
at java.lang.Thread.run(Thread.java:662)
29.05.2011 20:15:51 org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
29.05.2011 20:15:51 org.apache.catalina.core.ApplicationContext log
INFO: Shutting down log4j
29.05.2011 20:16:11 org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextDestroyed()
29.05.2011 20:16:11 org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
(and last, the messages I get in my Browser, Google Chrome):
type Exception report
message
description The server encountered an internal error () that prevented it
from fulfilling this request.
exception
javax.servlet.ServletException:
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/serviceValidate]
ticket=[ST-1-uC7hCTp5JgCQQzgsQROi-cas]
service=[https%3A%2F%2Flocalhost%3A8443%2Fexamples%2Fservlets%2Fservlet%2FHelloWorldExample]
renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://localhost:8443/cas/serviceValidate]
ticket=[ST-1-uC7hCTp5JgCQQzgsQROi-cas]
service=[https%3A%2F%2Flocalhost%3A8443%2Fexamples%2Fservlets%2Fservlet%2FHelloWorldExample]
renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:323)
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
sun.security.validator.Validator.validate(Validator.java:218)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:318)
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:217)
sun.security.validator.Validator.validate(Validator.java:218)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
note The full stack trace of the root cause is available in the Apache
Tomcat/7.0.5 logs.
Hope you can give me some ideas, because I don't know what's wrong...
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
