The shib-cas-authn2 is itself a CAS Client and has to make a backchannel call to CAS's /serviceValidate endpoint. The SSL cert on the CAS Server is not trusted by the Java CA certs keystore. You'll need to import the cert into the keystore used by Shib so that the trust works. I think you should be able to find more help at https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide

--
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

From: Niva Agmon <[email protected]>
Reply-To: <[email protected]>
Date: Friday, March 27, 2015 at 1:59 PM
To: <[email protected]>
Subject: RE: [cas-user] shib-cas-authn2 plugin error

Hi John,

Thanks a lot for your reply. The error must have been because I built the shib-cas-authn2-2.05.jar (based on article https://github.com/Unicon/shib-cas-authenticator). Once I downloaded the jar from the URL you posted the error went away.

Of course we're making baby steps here - now I'm getting the SSL handshake exception:

SEVERE: Servlet.service() for servlet External Authn Callback threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks again,
Niva

From: John Gasper [mailto:[email protected]]
Sent: Friday, March 27, 2015 11:24 AM
To: [email protected]
Subject: Re: [cas-user] shib-cas-authn2 plugin error

Hi Niva,

The jars in shibboleth-idp/lib are only used when running the scripts in shibboleth-idp/bin. The webapp has its own set of libraries. They are built from the installer directory (shibboleth-identity-privder-2.4.X/lib) when you run install.sh/.bat. Are the two logging jars in that directory?

Usually the shib-cas-authn2 only needs itself and the cas client jar. What version of the cas client jar are you using?

I usually download the necessary files with:

wget https://github.com/Unicon/shib-cas-authn2/releases/download/v2.0.5/shib-cas-authn2-2.0.5.jar
wget https://repo1.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.3.3/cas-client-core-3.3.3.jar

Hope that helps
John

--
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

From: Niva Agmon <[email protected]>
Reply-To: <[email protected]>
Date: Thursday, March 26, 2015 at 12:35 PM
To: <[email protected]>
Subject: [cas-user] shib-cas-authn2 plugin error

Hello,

I installed the plugin to have shibbolized apps authenticate through CAS, but am getting exceptions where the CAS client is looking for log4j:

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

The log4j-over-slf4j-1.7.5.jar and slf4j-api-1.7.5.jar jars are under /opt/shibboleth-idp/lib. Not sure why it's not seeing them.

SEVERE: StandardWrapper.Throwable
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    at org.apache.catalina.core.StandardService.start(StandardService.java:516)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:622)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 26, 2015 3:20:10 PM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet /idp threw load() exception
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    at org.apache.catalina.core.StandardService.start(StandardService.java:516)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:622)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 26, 2015 3:20:20 PM org.apache.catalina.core.ApplicationContext log
SEVERE: StandardWrapper.Throwable
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
    at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:809)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:129)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:701)
Mar 26, 2015 3:20:20 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Allocate exception for servlet External Authn Callback
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core

Thanks a lot,
Niva

Niva Agmon
Temple University
O: 215-204-2680
[email protected]

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
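
The import described in the first reply at the top of this thread (getting the CAS server's certificate into the truststore of the JVM that runs the IdP), as an added Java example that is not from the thread or from the shib-cas-authn2 project. The class name TrustCasCert, the alias cas-server, the argument layout and a leaf-first PEM file are assumptions; it reruns the JVM's PKIX check on the chain, prints the SHA-256 fingerprint of the certificate it would add, and writes the updated store to a .new file only when --import is given.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import javax.net.ssl.*;

// Added example (hypothetical class name). Usage:
//   java TrustCasCert <truststore> <storepass> <cas-chain.pem> [--import]
public class TrustCasCert {
    // Same PKIX check the JVM runs on the server chain during the TLS handshake.
    static boolean isTrusted(KeyStore ts, X509Certificate[] chain) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX");
        tmf.init(ts);
        try {
            ((X509TrustManager) tmf.getTrustManagers()[0]).checkServerTrusted(chain, "ECDHE_RSA");
            return true;
        } catch (CertificateException e) {
            System.out.println("Not trusted: " + e.getMessage());
            return false;
        }
    }

    static String sha256(X509Certificate c) throws Exception {
        StringBuilder sb = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(c.getEncoded()))
            sb.append(String.format("%02X:", b));
        return sb.substring(0, sb.length() - 1);
    }

    public static void main(String[] args) throws Exception {
        char[] pass = args[1].toCharArray();
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) { ts.load(in, pass); }
        X509Certificate[] chain;
        try (InputStream in = new FileInputStream(args[2])) {
            chain = CertificateFactory.getInstance("X.509")
                .generateCertificates(in).toArray(new X509Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificate in " + args[2]);
        if (isTrusted(ts, chain)) { System.out.println("Already trusted"); return; }
        X509Certificate anchor = chain[chain.length - 1];  // assumes leaf-first order
        System.out.println("Anchor:  " + anchor.getSubjectX500Principal()
            + "\nSHA-256: " + sha256(anchor) + " (compare out of band before importing)");
        if (args.length > 3 && args[3].equals("--import")) {
            ts.setCertificateEntry("cas-server", anchor);  // hypothetical alias
            try (OutputStream out = new FileOutputStream(args[0] + ".new")) { ts.store(out, pass); }
            System.out.println("Wrote " + args[0] + ".new; trusted now: " + isTrusted(ts, chain));
        }
    }
}
```

Point the first argument at the store the Tomcat JVM actually reads: the file named by javax.net.ssl.trustStore if that property is set, otherwise lib/security/jssecacerts or, failing that, lib/security/cacerts under java.home.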
