Hello,
Have you exported the ldap server's cert/chain and imported it into the jre's cacerts file? I don't see a reference in the ssl trace for ldaps.hma.com.
On Apr 7, 2015 12:08 AM, Venkatesh Babu KR <[email protected]> wrote:
Hi,
We are working to set up CAS server version 3.5.2 to work with our secure LDAP server. However, we are running into issues with the SSL handshake. We get the exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
========
Is initial handshake: true
Is secure renegotiation: false
http-bio-8443-exec-5, setSoTimeout(3000) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1428389663 bytes = { 107, 68, 168, 45, 221, 151, 251, 41, 43, 169, 18, 242, 142, 0, 79, 93, 30, 204, 181, 254, 173, 49, 156, 242, 99, 224, 207, 2 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
http-bio-8443-exec-5, WRITE: TLSv1 Handshake, length = 149
http-bio-8443-exec-5, READ: TLSv1 Handshake, length = 5089
*** ServerHello, TLSv1
RandomCookie: GMT: 1428389663 bytes = { 249, 216, 159, 16, 62, 117, 92, 153, 37, 122, 171, 186, 182, 204, 148, 71, 198, 113, 223, 0, 227, 187, 48, 1, 215, 161, 252, 189 }
Session ID: {8, 56, 0, 0, 23, 230, 106, 155, 234, 191, 212, 35, 42, 164, 246, 72, 47, 146, 174, 115, 25, 64, 143, 7, 11, 54, 26, 6, 125, 239, 205, 71}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
 Version: V3
 Subject:
 Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
 Key: Sun RSA public key, 1024 bits
 modulus: 123587049144444449866062873316371894902716725437121501991374083492415
21336397423864928961495010744530119809441226215782787448955326099692069963007787
00088167939390598502948672895684688614282870790423689814626939394613797008369843
21137000130555242549253625882064313063982563252949590488818446778990478859280853
 public exponent: 65537
 Validity: [From: Fri Sep 05 05:01:29 IST 2014,
              To: Sat Sep 05 05:01:29 IST 2015]
 Issuer: CN=HMAIssuingCA, DC=hma, DC=com
 SerialNumber: [   18f3696d 00000066 714e]
Certificate Extensions: 9
[1]: ObjectId: 1.3.6.1.4.1.311.21.10 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 28 30 26 30 0A 06 08  2B 06 01 05 05 07 03 02  .(0&0...+.......
0010: 30 0A 06 08 2B 06 01 05  05 07 03 01 30 0C 06 0A  0...+.......0...
0020: 2B 06 01 04 01 82 37 14  02 02                    +.....7...
[2]: ObjectId: 1.3.6.1.4.1.311.21.7 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 2A 30 28 06 20 2B 06  01 04 01 82 37 15 08 87  .*0(. +.....7...
0010: B5 A4 60 83 E7 8D 54 84  ED 85 1B 83 FB D9 4C 85  ..`...T.......L.
0020: D8 91 7E 27 01 1C 02 01  6E 02 01 00              ...'....n...
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
 [
  accessMethod: caIssuers
  accessLocation: URIName: ldap:///CN=HMAIssuingCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=hma,DC=com?cACertificate?base?objectClass=certificationAuthority
,
  accessMethod: caIssuers
  accessLocation: URIName: http://pki.hma.com/CertEnroll/000TIER2CA01.hma.com_HMAIssuingCA.crt
]
]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0A 11 AC D4 3C 0D 15 9D  F6 CE 86 BB 32 ED 38 2E  ....<.......2.8.
0010: 93 CA F5 E2                                        ....
]
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
 [DistributionPoint:
    [URIName: ldap:///CN=HMAIssuingCA,CN=000TIER2CA01,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=hma,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://pki.hma.com/CertEnroll/HMAIssuingCA.crl]
]]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
 clientAuth
 serverAuth
 1.3.6.1.4.1.311.20.2.2
]
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
 DigitalSignature
 Key_Encipherment
]
[8]: ObjectId: 2.5.29.17 Criticality=true
SubjectAlternativeName [
 DNSName: 00aDC02.hma.com
]
[9]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C4 CC A6 1D D9 93 CA 64  35 68 EB 4C 93 A6 DB 0F  .......d5h.L....
0010: 47 02 13 57                                        G..W
]
]
]
 Algorithm: [SHA256withRSA]
 Signature:
]
chain [1] = [
[
 Version: V3
 Subject: CN=HMAIssuingCA, DC=hma, DC=com
 Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
 Key: Sun RSA public key, 2048 bits
 modulus: 252119053238242016428096556407677069930262456375977811240478656854140
22269270066845993050661647363969176941359559384849895482390283770784670290665316
68567149031446747822130256736169933543499767564842682928212982603592939565647469
14732367403895805800667905236178329987746862841039128052872776131492353155091365
79773720529093462224208784199511914884259298345528564535940988055868147460665404
00716000591208615176350207979540480355338345194959902532132868266372698950118274
63021424122193278074100425839211154803053898072437474040280296932847671882474501
98231706482551103961524356749651931903910820032892237106364421885541
 public exponent: 65537
 Validity: [From: Wed Oct 16 20:01:35 IST 2013,
              To: Mon Oct 16 20:11:35 IST 2023]
 Issuer: CN=HMAROOT-CA
 SerialNumber: [   6134bc1e 00000000 0002]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.4.1.311.20.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 0C 1E 0A 00 53 00 75  00 62 00 43 00 41        .....S.u.b.C.A
[2]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 03 02 01 00                                     .....
[3]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
 [
  accessMethod: caIssuers
  accessLocation: URIName: ldap:///CN=HMAROOT-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,DC=UnavailableConfigDN?cACertificate?base?objectClass=certificationAuthority
,
  accessMethod: caIssuers
  accessLocation: URIName: http://pki.hma.com/CertEnroll/000TIER1CA01_HMAROOT-CA.crt
]
]
[4]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 59 86 B0 43 AF 92 63 14  09 60 B5 99 09 71 DB 2D  Y..C..c..`...q.-
0010: 5D 3E A7 4E                                        ]>.N
]
]
[5]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
 CA:true
 PathLen:2147483647
]
[6]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
 [DistributionPoint:
    [URIName: ldap:///CN=HMAROOT-CA,CN=000TIER1CA01,CN=CDP,CN=Public%20Key%20Services,CN=Services,DC=UnavailableConfigDN?certificateRevocationList?base?objectClass=cRLDistributionPoint, URIName: http://pki.hma.com/CertEnroll/HMAROOT-CA.crl]
]]
[7]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
 DigitalSignature
 Key_CertSign
 Crl_Sign
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0A 11 AC D4 3C 0D 15 9D  F6 CE 86 BB 32 ED 38 2E  ....<.......2.8.
0010: 93 CA F5 E2                                        ....
]
]
]
 Algorithm: [SHA1withRSA]
 Signature:
]
***
%% Invalidated: [Session-2, TLS_RSA_WITH_AES_128_CBC_SHA]
http-bio-8443-exec-5, SEND TLSv1 ALERT: fatal, description = certificate_unknown
http-bio-8443-exec-5, WRITE: TLSv1 Alert, length = 2
http-bio-8443-exec-5, called closeSocket()
http-bio-8443-exec-5, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
2015-04-07 12:24:24,647 ERROR [org.jasig.cas.authentication.AuthenticationManagerImpl] - <org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler threw error authenticating [username: corp.nurse]>
org.springframework.ldap.CommunicationException: ldaps.hma.com:636; nested exception is javax.naming.CommunicationException: ldaps.hma.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
       at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapU
tils.java:100)
       at org.springframework.ldap.core.support.AbstractContextSource.createCon
text(AbstractContextSource.java:266)
       at org.springframework.ldap.core.support.AbstractContextSource.getContex
t(AbstractContextSource.java:106)
       at org.springframework.ldap.core.support.AbstractContextSource.getReadOn
lyContext(AbstractContextSource.java:125)
       at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:2
87)
       at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:3
61)
       at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticat
eUsernamePasswordInternal(BindLdapAuthenticationHandler.java:90)
       at org.jasig.cas.authentication.handler.support.AbstractUsernamePassword
AuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHan
dler.java:71)
       at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProces
singAuthenticationHandler.authenticate_aroundBody2(AbstractPreAndPostProcessingA
uthenticationHandler.java:85)
       at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProces
singAuthenticationHandler.authenticate_aroundBody3$advice(AbstractPreAndPostProc
essingAuthenticationHandler.java:57)
       at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProces
singAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticatio
nHandler.java:1)
       at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticateAn
dObtainPrincipal(AuthenticationManagerImpl.java:93)
       at org.jasig.cas.authentication.AbstractAuthenticationManager.authentica
te_aroundBody0(AbstractAuthenticationManager.java:57)
       at org.jasig.cas.authentication.AbstractAuthenticationManager.authentica
te_aroundBody1$advice(AbstractAuthenticationManager.java:57)
       at org.jasig.cas.authentication.AbstractAuthenticationManager.authentica
te(AbstractAuthenticationManager.java:1)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
on(AopUtils.java:318)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo
inpoint(ReflectiveMethodInvocation.java:183)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:150)
       at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p
roceed(MethodInvocationProceedingJoinPoint.java:80)
       at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.ja
va:47)
       at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingA
spect.java:53)
       at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspec
t.java:45)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hodWithGivenArgs(AbstractAspectJAdvice.java:621)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hod(AbstractAspectJAdvice.java:610)
       at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro
undAdvice.java:65)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:161)
       at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p
roceed(MethodInvocationProceedingJoinPoint.java:80)
       at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail
(AuditTrailManagementAspect.java:126)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hodWithGivenArgs(AbstractAspectJAdvice.java:621)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hod(AbstractAspectJAdvice.java:610)
       at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro
undAdvice.java:65)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:161)
       at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invok
e(ExposeInvocationInterceptor.java:90)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:172)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami
cAopProxy.java:202)
       at com.sun.proxy.$Proxy25.authenticate(Unknown Source)
       at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi
cket_aroundBody10(CentralAuthenticationServiceImpl.java:477)
       at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi
cket_aroundBody11$advice(CentralAuthenticationServiceImpl.java:57)
       at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTi
cket(CentralAuthenticationServiceImpl.java:1)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflecti
on(AopUtils.java:318)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJo
inpoint(ReflectiveMethodInvocation.java:183)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:150)
       at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p
roceed(MethodInvocationProceedingJoinPoint.java:80)
       at org.perf4j.aop.AbstractTimingAspect$1.proceed(AbstractTimingAspect.ja
va:47)
       at org.perf4j.aop.AgnosticTimingAspect.runProfiledMethod(AgnosticTimingA
spect.java:53)
       at org.perf4j.aop.AbstractTimingAspect.doPerfLogging(AbstractTimingAspec
t.java:45)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hodWithGivenArgs(AbstractAspectJAdvice.java:621)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hod(AbstractAspectJAdvice.java:610)
       at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro
undAdvice.java:65)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:161)
       at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.p
roceed(MethodInvocationProceedingJoinPoint.java:80)
       at com.github.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail
(AuditTrailManagementAspect.java:126)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hodWithGivenArgs(AbstractAspectJAdvice.java:621)
       at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMet
hod(AbstractAspectJAdvice.java:610)
       at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAro
undAdvice.java:65)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:161)
       at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invok
e(ExposeInvocationInterceptor.java:90)
       at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(
ReflectiveMethodInvocation.java:172)
       at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynami
cAopProxy.java:202)
       at com.sun.proxy.$Proxy26.createTicketGrantingTicket(Unknown Source)
       at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit_aroundBody2
(AuthenticationViaFormAction.java:109)
       at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit_aroundBody3
$advice(AuthenticationViaFormAction.java:57)
       at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(Authenticat
ionViaFormAction.java:1)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:57)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:43)
       at java.lang.reflect.Method.invoke(Method.java:601)
       at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:830)
       at ognl.OgnlRuntime.callAppropriateMethod(OgnlRuntime.java:1253)
       at ognl.ObjectMethodAccessor.callMethod(ObjectMethodAccessor.java:68)
       at ognl.OgnlRuntime.callMethod(OgnlRuntime.java:1329)
       at ognl.ASTMethod.getValueBody(ASTMethod.java:90)
       at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
       at ognl.SimpleNode.getValue(SimpleNode.java:258)
       at ognl.ASTChain.getValueBody(ASTChain.java:141)
       at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212)
       at ognl.SimpleNode.getValue(SimpleNode.java:258)
       at ognl.Ognl.getValue(Ognl.java:494)
       at org.springframework.binding.expression.ognl.OgnlExpression.getValue(OgnlExpression.java:85)
       at org.springframework.webflow.action.EvaluateAction.doExecute(EvaluateA
ction.java:75)
       at org.springframework.webflow.action.AbstractAction.execute(AbstractAct
ion.java:188)
       at org.springframework.webflow.execution.AnnotatedAction.execute(Annotat
edAction.java:145)
       at org.springframework.webflow.execution.ActionExecutor.execute(ActionEx
ecutor.java:51)
       at org.springframework.webflow.engine.ActionState.doEnter(ActionState.ja
va:101)
       at org.springframework.webflow.engine.State.enter(State.java:194)
       at org.springframework.webflow.engine.Transition.execute(Transition.java
:227)
       at org.springframework.webflow.engine.impl.FlowExecutionImpl.execute(Flo
wExecutionImpl.java:393)
       at org.springframework.webflow.engine.impl.RequestControlContextImpl.exe
cute(RequestControlContextImpl.java:214)
       at org.springframework.webflow.engine.TransitionableState.handleEvent(Tr
ansitionableState.java:119)
       at org.springframework.webflow.engine.Flow.handleEvent(Flow.java:555)
       at org.springframework.webflow.engine.impl.FlowExecutionImpl.handleEvent
(FlowExecutionImpl.java:388)
       at org.springframework.webflow.engine.impl.RequestControlContextImpl.han
dleEvent(RequestControlContextImpl.java:210)
       at org.springframework.webflow.engine.ViewState.handleEvent(ViewState.ja
va:232)
       at org.springframework.webflow.engine.ViewState.resume(ViewState.java:19
6)
       at org.springframework.webflow.engine.Flow.resume(Flow.java:545)
       at org.springframework.webflow.engine.impl.FlowExecutionImpl.resume(Flow
ExecutionImpl.java:261)
       at org.springframework.webflow.executor.FlowExecutorImpl.resumeExecution
(FlowExecutorImpl.java:169)
       at org.springframework.webflow.mvc.servlet.FlowHandlerAdapter.handle(Flo
wHandlerAdapter.java:183)
       at org.springframework.web.servlet.DispatcherServlet.doDispatch(Dispatch
erServlet.java:923)
       at org.springframework.web.servlet.DispatcherServlet.doService(Dispatche
rServlet.java:852)
       at org.springframework.web.servlet.FrameworkServlet.processRequest(Frame
workServlet.java:882)
       at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServ
let.java:789)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
       at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody2(Safe
DispatcherServlet.java:128)
       at org.jasig.cas.web.init.SafeDispatcherServlet.service_aroundBody3$advi
ce(SafeDispatcherServlet.java:57)
       at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherSe
rvlet.java:1)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:305)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:210)
       at org.springframework.web.filter.CharacterEncodingFilter.doFilterIntern
al(CharacterEncodingFilter.java:88)
       at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerR
equestFilter.java:76)
       at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
elegatingFilterProxy.java:346)
       at org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
ingFilterProxy.java:259)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:243)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:210)
       at com.github.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(C
lientInfoThreadLocalFilter.java:63)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:243)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:210)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:222)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:123)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:472)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:171)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:99)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
936)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:118)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:407)
       at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp
11Processor.java:1004)
       at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
AbstractProtocol.java:589)
       at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoin
t.java:312)
       at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1145)
       at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor
.java:615)
       at java.lang.Thread.run(Thread.java:722)
Caused by: javax.naming.CommunicationException: ldaps.hma.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
       at com.sun.jndi.ldap.Connection.<init>(Connection.java:224)
       at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:136)
       at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1600)
       at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2698)
       at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
       at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211
)
       at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.ja
va:154)
       at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.jav
a:84)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:6
84)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307
)
       at javax.naming.InitialContext.init(InitialContext.java:242)
       at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:1
53)
       at org.springframework.ldap.core.support.LdapContextSource.getDirContext
Instance(LdapContextSource.java:43)
       at org.springframework.ldap.core.support.AbstractContextSource.createCon
text(AbstractContextSource.java:254)
       ... 154 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
       at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1886)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
       at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1341)
       at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.jav
a:153)
       at sun.security.ssl.Handshaker.processLoop(Handshaker.java:868)
       at sun.security.ssl.Handshaker.process_record(Handshaker.java:804)
       at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)
       at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.
java:1312)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339
)
       at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323
)
       at com.sun.jndi.ldap.Connection.createSocket(Connection.java:379)
       at com.sun.jndi.ldap.Connection.<init>(Connection.java:201)
       ... 168 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
       at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
a:292)
       at sun.security.validator.Validator.validate(Validator.java:260)
       at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.j
ava:326)
       at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerIm
pl.java:231)
       at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustMan
agerImpl.java:126)
       at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.
java:1323)
       ... 177 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
       at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
PathBuilder.java:196)
       at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
       at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
       ... 183 more
-- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
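
The certificate chain in the trace above can be read mechanically to see which CA the JRE truststore has to contain and whether the leaf names the host being contacted. This is an added example, not part of the original thread; the function names are hypothetical and the sample is a constructed excerpt that keeps only the Subject, Issuer, Key, Signature Algorithm and DNSName lines from the trace.

```python
import re

# Constructed excerpt: field lines copied from the trace in this thread, with the
# other extensions, moduli and signature bytes left out.
SAMPLE_TRACE = """\
*** Certificate chain
chain [0] = [
[
 Version: V3
 Subject:
 Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
 Key: Sun RSA public key, 1024 bits
 Issuer: CN=HMAIssuingCA, DC=hma, DC=com
SubjectAlternativeName [
 DNSName: 00aDC02.hma.com
]
]
chain [1] = [
[
 Version: V3
 Subject: CN=HMAIssuingCA, DC=hma, DC=com
 Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
 Key: Sun RSA public key, 2048 bits
 Issuer: CN=HMAROOT-CA
]
***
"""


def parse_chain(trace):
    """Return one dict per 'chain [n]' entry of a javax.net.debug certificate dump."""
    certs, cur = [], None
    for raw in trace.splitlines():
        line = raw.replace("\u00a0", " ").strip()  # tolerate non-breaking spaces
        if re.match(r"chain \[\d+\] = \[", line):
            cur = {"subject": "", "issuer": "", "sig_alg": "",
                   "key_bits": 0, "dns_names": []}
            certs.append(cur)
        elif cur is None:
            continue                       # outside the certificate chain section
        elif line.startswith("***"):
            cur = None                     # '***' closes the section
        elif line.startswith("Subject:"):  # not SubjectAlternativeName / KeyIdentifier
            cur["subject"] = line[len("Subject:"):].strip()
        elif line.startswith("Issuer:"):
            cur["issuer"] = line[len("Issuer:"):].strip()
        elif line.startswith("Signature Algorithm:"):
            cur["sig_alg"] = line.split(":", 1)[1].split(",")[0].strip()
        elif line.startswith("Key:"):
            m = re.search(r"(\d+) bits", line)
            cur["key_bits"] = int(m.group(1)) if m else 0
        elif line.startswith("DNSName:"):
            cur["dns_names"].append(line.split(":", 1)[1].strip())
    return certs


def norm_dn(dn):
    """Case- and whitespace-insensitive form of a DN for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def host_matches(pattern, host):
    """Exact match, or a '*' standing for the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and all(
        a == b or (i == 0 and a == "*") for i, (a, b) in enumerate(zip(p, h)))


def diagnose(trace, target_host):
    """Summarise what the presented chain requires from the client truststore."""
    certs = parse_chain(trace)
    if not certs:
        raise ValueError("no 'chain [n]' entries found in trace")
    # Each certificate's issuer should be the subject of the next one sent.
    broken = [i for i in range(len(certs) - 1)
              if norm_dn(certs[i]["issuer"]) != norm_dn(certs[i + 1]["subject"])]
    top = certs[-1]
    self_signed = norm_dn(top["issuer"]) == norm_dn(top["subject"])
    weak = []
    for i, c in enumerate(certs):
        if 0 < c["key_bits"] < 2048:
            weak.append(f"chain[{i}]: {c['key_bits']}-bit key")
        if c["sig_alg"].upper().startswith(("SHA1", "MD5", "MD2")):
            weak.append(f"chain[{i}]: signed with {c['sig_alg']}")
    return {
        "chain_length": len(certs),
        "broken_links": broken,
        # Issuer of the last certificate sent. The truststore needs this CA, or
        # one of the certificates in the chain, for path building to succeed.
        "anchor_not_sent": None if self_signed else top["issuer"],
        "leaf_dns_names": certs[0]["dns_names"],
        "hostname_match": any(host_matches(n, target_host)
                              for n in certs[0]["dns_names"]),
        "weak": weak,
    }


if __name__ == "__main__":
    for key, value in diagnose(SAMPLE_TRACE, "ldaps.hma.com").items():
        print(f"{key}: {value}")
```

`hostname_match` is reported separately from trust because a client that verifies the server name will still reject this certificate for `ldaps.hma.com` after the CA has been imported.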
