Geo,

Looks like you're using the IP address of your CAS server in your configuration, which does not match the name specified in your CAS certificate. Try using the name specified in the cert.

-Michael

On Wed, Feb 8, 2012 at 2:09 AM, Geo PC <[email protected]> wrote:
> Hi Andrew
>
> Thank you very much. I am able to add ClearPass and CAS is working fine.
> But now we are using PWM (http://code.google.com/p/pwm/) and for this we
> configured ClearPass. Now this PWM is redirecting to CAS and is able to log in
> with LDAP users, but after login in PWM we are getting a
> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException error:
>
> Please see the detailed error log:
> --------------------------------
>
> 2012-02-08 12:34:16,216 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: [username: anas]
> WHAT: supplied credentials: [username: anas]
> ACTION: AUTHENTICATION_SUCCESS
> APPLICATION: CAS
> WHEN: Wed Feb 08 12:34:16 IST 2012
> CLIENT IP ADDRESS: 192.168.1.75
> SERVER IP ADDRESS: 192.168.1.115
> =============================================================
>
> 2012-02-08 12:34:16,222 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: [username: anas]
> WHAT: TGT-1-w3qJ9h9HGqXCTiLQhxiYJap0cGeMmXMIVnPyMfKE6eyN9bF1QJ-cas
> ACTION: TICKET_GRANTING_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Feb 08 12:34:16 IST 2012
> CLIENT IP ADDRESS: 192.168.1.75
> SERVER IP ADDRESS: 192.168.1.115
> =============================================================
>
> 2012-02-08 12:34:16,231 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-1-hNfFg6AI73zbypulyMIJ-cas] for service [https://192.168.1.115:8443/pwm/private/Login] for user [anas]>
> 2012-02-08 12:34:16,232 INFO [com.github.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - <Audit trail record BEGIN
> =============================================================
> WHO: anas
> WHAT: ST-1-hNfFg6AI73zbypulyMIJ-cas for https://192.168.1.115:8443/pwm/private/Login
> ACTION: SERVICE_TICKET_CREATED
> APPLICATION: CAS
> WHEN: Wed Feb 08 12:34:16 IST 2012
> CLIENT IP ADDRESS: 192.168.1.75
> SERVER IP ADDRESS: 192.168.1.115
> =============================================================
>
> 2012-02-08 12:34:16, TRACE, pwm.EventManager, {br} http session created
> 2012-02-08 12:34:16, DEBUG, session.SingleSignOutHandler, Recording session for token ST-1-hNfFg6AI73zbypulyMIJ-cas
> 2012-02-08 12:34:16, DEBUG, session.HashMapBackedSessionMappingStorage, Attempting to remove Session=[E7DD47DBBF9BA180A5EEB5502AA54DE7]
> 2012-02-08 12:34:16, DEBUG, session.HashMapBackedSessionMappingStorage, No mapping for session found. Ignoring.
> 2012-02-08 12:34:16, DEBUG, validation.Cas20ProxyReceivingTicketValidationFilter, Attempting to validate ticket: ST-1-hNfFg6AI73zbypulyMIJ-cas
> 2012-02-08 12:34:16, DEBUG, util.CommonUtils, serviceUrl generated: https://192.168.1.115:8443/pwm/private/Login;jsessionid=E7DD47DBBF9BA180A5EEB5502AA54DE7
> 2012-02-08 12:34:16, DEBUG, validation.Cas20ServiceTicketValidator, Placing URL parameters in map.
> 2012-02-08 12:34:16, DEBUG, validation.Cas20ServiceTicketValidator, Calling template URL attribute map.
> 2012-02-08 12:34:16, DEBUG, validation.Cas20ServiceTicketValidator, Loading custom parameters from configuration.
> 2012-02-08 12:34:16, DEBUG, validation.Cas20ServiceTicketValidator, Constructing validation url: https://192.168.1.115:8443/cas/serviceValidate?pgtUrl=https%3A%2F%2F192.168.1.115%3A8443%2Fpwm%2FproxyCallback&ticket=ST-1-hNfFg6AI73zbypulyMIJ-cas&service=https%3A%2F%2F192.168.1.115%3A8443%2Fpwm%2Fprivate%2FLogin%3Bjsessionid%3DE7DD47DBBF9BA180A5EEB5502AA54DE7
> 2012-02-08 12:34:16, DEBUG, validation.Cas20ServiceTicketValidator, Retrieving response from server.
> 2012-02-08 12:34:16, ERROR, util.CommonUtils, java.security.cert.CertificateException: No subject alternative names present
> javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1649)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1138)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1165)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1149)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1172)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:326)
>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:305)
>     at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:50)
>     at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:207)
>     at org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:165)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:76)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
>     at java.lang.Thread.run(Thread.java:662)
> Caused by: java.security.cert.CertificateException: No subject alternative names present
>     at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:142)
>     at sun.security.util.HostnameChecker.match(HostnameChecker.java:75)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
>     ... 31 more
> 2012-02-08 12:34:16, TRACE, servlet.ResourceFileServlet, using resource expire time of 1d
> 2012-02-08 12:34:16, TRACE, session.SingleSignOutFilter, Ignoring URI /pwm/resources/pwmHelper.js
> ---------------------------------
> Can anyone please help us with it?
>
> Thanks
> Geo
> --
> You are currently subscribed to [email protected] as: [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user

--
Michael Herring
Information Technology Services
Web Developer
Denison University
740-587-6360
[email protected]
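
An added example, not part of the original thread: a small Python model of the identity check that fails in the trace above (HostnameChecker.matchIP), applied to the validation URL from the log. The certificate dictionaries and the name cas.example.edu are constructed for illustration, and the rule shown is the standard HTTPS host-identity check, not the JDK's own code.

```python
import ipaddress
from urllib.parse import urlsplit

def dns_match(host, pattern):
    """Case-insensitive match; '*.' covers exactly one left-most label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_identity(host, cert):
    """Return (ok, reason) for host against a dict shaped like ssl getpeercert()."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # IP literal in the URL: only iPAddress SAN entries count, the CN is ignored.
        if not sans:
            return False, "No subject alternative names present"
        if any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans):
            return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN for " + host
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        names, source = dns, "dNSName SAN"
    else:
        # No dNSName SAN: fall back to the subject common name.
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
        source = "subject CN"
    if any(dns_match(host, n) for n in names):
        return True, "matched " + source
    return False, "no %s matches %s" % (source, host)

def check_url(url, cert):
    """Check the host part of a CAS client URL against the server certificate."""
    return check_identity(urlsplit(url).hostname, cert)

# Constructed data: the hostname is hypothetical, the IP URL is the one in the log.
CN_ONLY_CERT = {"subject": ((("commonName", "cas.example.edu"),),)}
SAN_CERT = {"subject": ((("commonName", "cas.example.edu"),),),
            "subjectAltName": (("DNS", "cas.example.edu"), ("IP Address", "192.168.1.115"))}
URL_BY_IP = "https://192.168.1.115:8443/cas/serviceValidate"
URL_BY_NAME = "https://cas.example.edu:8443/cas/serviceValidate"

if __name__ == "__main__":
    for cert_name, cert in (("CN only", CN_ONLY_CERT), ("with SANs", SAN_CERT)):
        for url in (URL_BY_IP, URL_BY_NAME):
            print(cert_name, url, check_url(url, cert))
```

With the CN-only certificate the IP URL fails and the name URL passes, which is the change suggested in the reply; a certificate reissued with an iPAddress SAN would accept both.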
