Thanks for the replies, guys. Yes, I do know the error is being caused by
some certificate validation failure, but I am not sure how to avoid it. Well,
HTTP is not an option for me because I need the single sign-on to work
properly. At the moment CAS is working fine with Drupal and Koha (a web
based library management system). The only trouble is, if someone logs into
Drupal using CAS, he/she needs to click the login button again inside Koha
to log in there, though no user/pass is required at that stage. So to
avoid such a situation, I am trying to work out the proxy granting ticket
option, and I am stuck with this right now. I did try making a certificate
based on my hostname and adding it to the truststore, but in that case the
log error message tells me that there is no valid certificate found for the
path. Still, I will try it out again tomorrow. I am not sure if I am getting
these errors because of my local IP/host names, though.

Regards,
Auninda

On Tue, Dec 20, 2011 at 6:42 PM, Andrew Petro <[email protected]> wrote:

> Auninda,
>
> I don't think this is going to work.
>
> > pgtUrl=https://192.168.1.242:8443/test.html
>
> You'll need to identify 192.168.1.242 by a hostname that its SSL
> certificate authenticates, so that when CAS attempts to itself do an HTTPS
> GET request to that URL it is able to successfully validate the SSL
> certificate.  Currently CAS isn't coping with the SSL handshake with that
> callback URL, such that the callback is failing.  Since CAS failed to vend
> a pgtIou, pgtId pair to that URL, it doesn't include the PGTIOU in the
> /cas/serviceValidate response.
>
> You can either use a hostname and an SSL cert that authenticates that
> hostname, or you can disable the HTTPS requirement and exercise the whole
> thing over HTTP (for demo purposes only, since not using HTTPS is terribly
> insecure, of course).
>
> Kind regards,
>
> Andrew
>
>
>
> On Dec 20, 2011, at 6:32 AM, Auninda Rumy Saleque wrote:
>
> > Hello,
> > I am apologizing beforehand for a lengthy message. I am having trouble
> > generating proxy tickets following this tutorial:
> >
> > https://wiki.jasig.org/display/CAS/Proxy+CAS+Walkthrough.
> >
> > Here's my scenario:
> >
> > My CAS server link is this:
> > https://192.168.1.242:8443/cas
> >
> > The link of my web service using CAS is:
> > https://192.168.2.95/cgi-bin/koha/opac-user.pl
> >
> > While trying out the CAS proxy tutorial, I executed the following link
> > to get back a validated PGT:
> >
> > https://192.168.1.242:8443/cas/serviceValidate?ticket=ST-1-D5AfJ2wXKGW7boxQqdcD-cas&service=https://192.168.2.95/cgi-bin/koha/opac-user.pl&pgtUrl=https://192.168.1.242:8443/test.html
> >
> > The returned XML gives me a successful authentication with only the
> > user name, but I could not find any PGT with it.
> >
> > I traced back the cas.log file and found the following error (part of
> > the log is given below and the complete log is attached):
> >
> > 2011-12-20 12:33:03,817 ERROR [org.jasig.cas.util.HttpClient] - java.security.cert.CertificateException: No subject alternative names present
> > javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
> >        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
> >        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1639)
> >        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:215)
> >        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:209)
> >        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1033)
> >        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:146)
> >        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:546)
> >        at sun.security.ssl.Handshaker.process_record(Handshaker.java:482)
> >        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:904)
> >        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1140)
> >        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1167)
> >        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1151)
> >        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:423)
> >        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
> >        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:153)
> >        at org.jasig.cas.util.HttpClient.isValidEndPoint_aroundBody4(HttpClient.java:109)
> >        at org.jasig.cas.util.HttpClient.isValidEndPoint_aroundBody5$advice(HttpClient.java:44)
> >        at org.jasig.cas.util.HttpClient.isValidEndPoint(HttpClient.java:1)
> > ----
> > Apart from the above error, everything else is working fine.
> >
> > Now my queries are:
> > -> Are there any extra configurations I need to make to receive back
> > the PGTs?
> > -> The callback URL (pgtUrl=https://192.168.1.242:8443/test.html) I
> > am using: is there anything wrong with it, or does it have to be something
> > specific?
> >
> > I did add my CAS server certificate to the CAS server's JVM so that the
> > callback URL does not fail authenticating, but I am still getting the
> > error.
> >
> > I am using CAS server 3.4.11 and I am testing these setups using a local
> > IP. Any help will be greatly appreciated.
> >
> > Thank you.
> >
> > --
> > Auninda Rumy Saleque
> > Asst. System Programmer
> > Ayesha Abed Library
> > BRAC University
> > Dhaka, Bangladesh
> >
> > <cas.log>


-- 
Auninda Rumy Saleque
Asst. System Programmer
Ayesha Abed Library
BRAC University
Dhaka, Bangladesh
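
Added example, not part of the original thread and not CAS code: a pre-flight check that models the name matching a TLS client applies to the pgtUrl host, showing why an IP-literal callback URL fails against a certificate that only carries a CN. The hostname cas.example.test and both certificate dicts are constructed for illustration, and the CN fallback for hostnames is an assumption about the client's verifier.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample certificates, in the dict shape ssl.SSLSocket.getpeercert() returns.
# cas.example.test is a hypothetical hostname; the IP is the one used in the thread.
CN_ONLY = {"subject": ((("commonName", "cas.example.test"),),)}
WITH_SAN = dict(CN_ONLY, subjectAltName=(("DNS", "cas.example.test"),
                                         ("IP Address", "192.168.1.242")))

def _dns_match(pattern, host):
    # A leading "*." wildcard covers exactly one left-most label.
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == pattern[2:]
    return pattern == host

def check_callback_cert(pgt_url, cert):
    """Return (ok, reason): would this certificate authenticate the pgtUrl host?"""
    parts = urlsplit(pgt_url)
    if parts.scheme != "https" or not parts.hostname:
        return False, "pgtUrl is not an https URL"
    host = parts.hostname
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literal: only iPAddress SAN entries count, the CN is never consulted.
        if not sans:
            return False, "No subject alternative names present"
        if any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans):
            return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN for " + host
    # Hostname: DNS SAN entries first; CN is used only when there are none.
    dns = [v for k, v in sans if k == "DNS"]
    if not dns:
        dns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_dns_match(p, host) for p in dns):
        return True, "matched DNS name"
    return False, "certificate does not name " + host

if __name__ == "__main__":
    for url in ("https://192.168.1.242:8443/test.html", "https://cas.example.test:8443/test.html"):
        print(url, check_callback_cert(url, CN_ONLY), check_callback_cert(url, WITH_SAN))
```
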
