Yes--that was the problem. Also, I had to resolve a regEx pattern issue for the property trustedIssuerDnPattern.
Thanks! Thanks! ------------------------------------------ *Michael Colburn* Human Resources Directorate Interior Business Center 303-969-7427 (Office) [email protected] US Department of the Interior Office of the Secretary www.ibc.doi.gov *Your Focus: Your Mission* *Our Focus: You* * * *Customer satisfaction is our number 1 priority.* Please take a few moments to complete our customer survey by visiting this link http://www.surveymonkey.com/s/6WVLF8P. Thank you for your valued feedback! On Mon, Apr 29, 2013 at 4:51 PM, Francisco Pascual <[email protected]>wrote: > It seems you're going to accept any certificate. I think this could be > resolved by setting the attribute maxPathLengthAllowUnspecified > (X509CredentialsAuthenticationHandler) to true. > > Hope this helps > > > 2013/4/30 mcolburn <[email protected]> > >> Here is an update to my problem: I have discovered in the cas.log the >> following:; >> >> java.security.GeneralSecurityException: Unlimited certificate path length >> not allowed by configuration. >> at >> >> org.jasig.cas.adaptors.x509.authentication.handler.support.X509CredentialsAuthenticationHandler.validate(X509CredentialsAuthenticationHandler.java:226) >> >> I see some old posts from 2007 about a fix to CAS code to handle this >> problem. >> >> But, I am unable to discover where parameters can be set to tell CAS to >> allow unlimited cert path length. >> >> Can anyone help, please? Thanks! >> >> >> >> ----- >> - Michael Colburn >> -- >> View this message in context: >> http://jasig.275507.n4.nabble.com/X509-Authentication-Fails-tp4659376p4659413.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
