I have solved the problem.
First, for the particular X.509 certificates I am using (issued by GSA -
they are US Govt PIV card certs), it was necessary to add the following
properties:
<bean
    class="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler">
  <property name="trustedIssuerDnPattern"
            value="CN=Federal Common Policy CA, OU=FPKI, O=U.S. Government, C=US"/>
  <property name="maxPathLengthAllowUnspecified" value="TRUE" />
</bean>
Thanks to the individual who replied about maxPathLengthAllowUnspecified.
I discovered the problem about the trustedIssuerDnPattern by turning on
DEBUG for the X509 auth handler in the log4j.xml file:
<logger
    name="org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler"
    additivity="true">
  <level value="DEBUG" />
  <appender-ref ref="cas" />
</logger>
-----
- Michael Colburn
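
An added example, not part of the original post and not CAS code: it checks how the trustedIssuerDnPattern value above behaves as a Java regular expression against differently formatted issuer DN strings, next to a variant with the literal characters escaped. It assumes the handler requires the pattern to match the whole issuer DN string; the class and method names are hypothetical and the DNs are constructed samples.

```java
import java.util.regex.Pattern;
import javax.security.auth.x500.X500Principal;

// Added illustration; class and method names are hypothetical, not CAS code.
public class IssuerDnPatternCheck {

    // The trustedIssuerDnPattern value from the post, used as a regex as-is.
    static final String CONFIGURED =
        "CN=Federal Common Policy CA, OU=FPKI, O=U.S. Government, C=US";

    // Assumption: the pattern must match the entire issuer DN string.
    static boolean matches(String regex, String dn) {
        return Pattern.compile(regex).matcher(dn).matches();
    }

    // Quote each RDN literally and allow optional whitespace after commas.
    // Naive split: fine for this DN, which has no escaped commas in values.
    static String strictPattern(String dn) {
        StringBuilder sb = new StringBuilder();
        for (String rdn : dn.split(",\\s*")) {
            if (sb.length() > 0) {
                sb.append(",\\s*");
            }
            sb.append(Pattern.quote(rdn));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        String spaced = CONFIGURED;                               // DN with ", " separators
        String compact = new X500Principal(CONFIGURED).getName(); // RFC 2253, no spaces
        String nearMiss = spaced.replace("U.S.", "UxSx");         // constructed look-alike

        String strict = strictPattern(CONFIGURED);
        for (String dn : new String[] {spaced, compact, nearMiss}) {
            System.out.printf("%-65s configured=%-5b strict=%b%n",
                dn, matches(CONFIGURED, dn), matches(strict, dn));
        }
    }
}
```

Comparing the two columns shows where whitespace after the commas and the unescaped dots in "U.S." change the result; the DEBUG logger above shows the issuer DN string the handler actually sees.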