This explains it. Both servers are using real certs (from GlobalSign, not self signed), but I did notice that the GlobalSign root certs are not the same on the two servers, so I'll import the one from CAS to the Shib server cacert & am praying that this will do the trick!
Thanks again John,
Niva

From: John Gasper [mailto:[email protected]]
Sent: Monday, March 30, 2015 11:46 AM
To: [email protected]
Subject: Re: [cas-user] shib-cas-authn2 plugin error

The shib-cas-authn2 is itself a CAS Client and has to make a backchannel call to CAS's /serviceValidate endpoint. The SSL cert on the CAS Server is not trusted by the Java CA certs keystore. You'll need to import the cert into the keystore used by Shib so that the trust works. I think you should be able to find more help at https://wiki.jasig.org/display/CASUM/SSL+Troubleshooting+and+Reference+Guide

--
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

From: Niva Agmon <[email protected]>
Reply-To: <[email protected]>
Date: Friday, March 27, 2015 at 1:59 PM
To: <[email protected]>
Subject: RE: [cas-user] shib-cas-authn2 plugin error

Hi John,

Thanks a lot for your reply. The error must have been because I built the shib-cas-authn2-2.05.jar (based on article https://github.com/Unicon/shib-cas-authenticator). Once I downloaded the jar from the URL you posted the error went away.

Of course we're making baby steps here - now I'm getting the SSL handshake exception:

SEVERE: Servlet.service() for servlet External Authn Callback threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Thanks again,
Niva

From: John Gasper [mailto:[email protected]]
Sent: Friday, March 27, 2015 11:24 AM
To: [email protected]
Subject: Re: [cas-user] shib-cas-authn2 plugin error

Hi Niva,

The jars in shibboleth-idp/lib are only used when running the scripts in shibboleth-idp/bin. The webapp has its own set of libraries. They are built from the installer directory (shibboleth-identity-privder-2.4.X/lib) when you run install.sh/.bat. Are the two logging jars in that directory?

Usually the shib-cas-authn2 only needs itself and the cas client jar... What version of the cas client jar are you using?

I usually download the necessary files with:

    wget https://github.com/Unicon/shib-cas-authn2/releases/download/v2.0.5/shib-cas-authn2-2.0.5.jar
    wget https://repo1.maven.org/maven2/org/jasig/cas/client/cas-client-core/3.3.3/cas-client-core-3.3.3.jar

Hope that helps...

John

--
John Gasper
IAM Consultant
Unicon, Inc.
PGP/GPG Key: 0xbafee3ef

From: Niva Agmon <[email protected]>
Reply-To: <[email protected]>
Date: Thursday, March 26, 2015 at 12:35 PM
To: <[email protected]>
Subject: [cas-user] shib-cas-authn2 plugin error

Hello,

I installed the plugin to have shibbolized apps authenticate through CAS, but am getting exceptions where the CAS client is looking for log4j:

java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory

The log4j-over-slf4j-1.7.5.jar and slf4j-api-1.7.5.jar jars are under /opt/shibboleth-idp/lib. Not sure why it's not seeing them.

SEVERE: StandardWrapper.Throwable
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    at org.apache.catalina.core.StandardService.start(StandardService.java:516)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:622)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 26, 2015 3:20:10 PM org.apache.catalina.core.StandardContext loadOnStartup
SEVERE: Servlet /idp threw load() exception
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:993)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4425)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4738)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
    at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:637)
    at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:563)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
    at org.apache.catalina.core.StandardService.start(StandardService.java:516)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:622)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Mar 26, 2015 3:20:20 PM org.apache.catalina.core.ApplicationContext log
SEVERE: StandardWrapper.Throwable
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1173)
    at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:809)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:129)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:857)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
    at java.lang.Thread.run(Thread.java:701)
Mar 26, 2015 3:20:20 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Allocate exception for servlet External Authn Callback
java.lang.NoClassDefFoundError: org/slf4j/LoggerFactory
    at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.<init>(AbstractUrlBasedTicketValidator.java:41)
    at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.<init>(AbstractCasProtocolUrlBasedTicketValidator.java:34)
    at org.jasig.cas.client.validation.Cas20ServiceTicketValidator.<init>(Cas20ServiceTicketValidator.java:63)
    at net.unicon.idp.externalauth.CasCallbackServlet.parseProperties(CasCallbackServlet.java:196)
    at net.unicon.idp.externalauth.CasCallbackServlet.init(CasCallbackServlet.java:128)
    at javax.servlet.GenericServlet.init(GenericServlet.java:212)
    at org.apache.catalina.core

Thanks a lot,
Niva

Niva Agmon
Temple University
O: 215-204-2680
[email protected]

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
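
An added example, not from the thread or the shib-cas-authn2 project: before importing a root into the IdP's truststore as discussed above, this compares the GlobalSign roots trusted by two Java truststores by SHA-256 fingerprint, showing which root the IdP's JVM lacks. The class name `TrustStoreDiff`, the `changeit` password, the `java.home` cacerts path and Java 7 or later are assumptions; with no arguments it compares this JVM's cacerts against an empty store built in memory as a constructed stand-in.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Map;
import java.util.TreeMap;

public class TrustStoreDiff {
    // SHA-256 fingerprint -> subject DN for each trusted-cert entry whose subject contains `match`.
    static Map<String, String> roots(KeyStore ks, String match) throws Exception {
        Map<String, String> found = new TreeMap<String, String>();
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!ks.isCertificateEntry(alias) || !(c instanceof X509Certificate)) continue;
            String dn = ((X509Certificate) c).getSubjectX500Principal().getName();
            if (!dn.toLowerCase().contains(match)) continue;
            StringBuilder hex = new StringBuilder();
            for (byte b : sha256.digest(c.getEncoded())) hex.append(String.format("%02x", b));
            found.put(hex.toString(), dn);
        }
        return found;
    }

    // A null path yields an empty in-memory store (constructed stand-in, trusts nothing).
    static KeyStore load(String path, char[] pass) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (path == null) { ks.load(null, null); return ks; }
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        char[] pass = "changeit".toCharArray(); // stock cacerts password (assumption)
        String jvm = System.getProperty("java.home") + "/lib/security/cacerts";
        // args[0]: cacerts copied from the CAS server; args[1]: truststore the IdP's JVM uses.
        String casPath = args.length > 0 ? args[0] : jvm;
        String idpPath = args.length > 1 ? args[1] : (args.length == 1 ? jvm : null);
        Map<String, String> cas = roots(load(casPath, pass), "globalsign");
        Map<String, String> idp = roots(load(idpPath, pass), "globalsign");
        for (Map.Entry<String, String> e : cas.entrySet())
            if (!idp.containsKey(e.getKey()))
                System.out.println("missing on IdP: " + e.getKey() + "  " + e.getValue());
        for (Map.Entry<String, String> e : idp.entrySet())
            if (!cas.containsKey(e.getKey()))
                System.out.println("only on IdP:    " + e.getKey() + "  " + e.getValue());
    }
}
```

If Tomcat is started with `-Djavax.net.ssl.trustStore`, pass that file as the second argument, since it replaces the default cacerts. A root reported as missing is the one to add with `keytool -importcert`, followed by a Tomcat restart so the JVM reloads the store.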
