In general, a properly configured CAS client should be validating the cert when calling serviceValidate, proxyValidate, or samlValidate to ensure that it is actually talking to the CAS server and not a "man in the middle". Since in this case, the CAS client is running inside of CAS itself, then the jre that CAS is using would need to have the CAS's cert in its truststore.
I have not played with CAS services interface, so I'm going a bit off of theory here, but generally, you do have to do your cert management right to get things to work. David Ohsie EMC Corporation > -----Original Message----- > From: [email protected] > [mailto:[email protected]] > Sent: Thursday, August 29, 2013 1:09 PM > To: [email protected] > Subject: RE:[cas-user] Redirection loop when attempting to access > https://localhost:8443/cas/services/ > > > Is the certificate for your CAS server set up as a trusted cert in the > > truststore of the jre used to run CAS? I could be that the ST > > validation is failing due to cert validation issues. > > Do you mean the SSL certificate? If so, no, I didn't import it as a trusted > certificate in the trust store. Was I supposed to? > > With Regards > > Stefan > > > > > -- > This e-mail and any attachments may contain confidential, copyright and or > privileged material, and are for the use of the intended addressee only. If > you are not the intended addressee or an authorised recipient of the > addressee please notify us of receipt by returning the e-mail and do not use, > copy, retain, distribute or disclose the information in or attached to the e- > mail. > Any opinions expressed within this e-mail are those of the individual and not > necessarily of Diamond Light Source Ltd. > Diamond Light Source Ltd. cannot guarantee that this e-mail or any > attachments are free from viruses and we cannot accept liability for any > damage which you may sustain as a result of software viruses which may be > transmitted in or with the message. > Diamond Light Source Limited (company no. 4375679). Registered in England > and Wales with its registered office at Diamond House, Harwell Science and > Innovation Campus, Didcot, Oxfordshire, OX11 0DE, United Kingdom > > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see http://www.ja- > sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
