Hi John,

Looks like that was the issue. I did export the certificate to the JRE's cacerts, but for some reason, the keystore looked up was jssecacerts.
Things worked fine after I added the certificate to jssecacerts.

Regards,
Venkatesh

On Tue, Apr 7, 2015 at 8:49 PM, John Gasper <[email protected]> wrote:
> Hello,
>
> Have you exported the ldap server's cert/chain and imported it into the
> jre's cacerts file? I don't see a reference in the ssl trace for
> ldaps.hma.com.
> On Apr 7, 2015 12:08 AM, Venkatesh Babu KR <[email protected]> wrote:
>
> Hi,
>
> We are working to set up CAS server version 3.5.2 to work with our secure
> LDAP server. However, we are running into issues with the SSL handshake. We get
> the exception:
>
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> I tried incorporating all the troubleshooting stuff mentioned in the following
> link:
> https://wiki.jasig.org/display/casum/ssl+troubleshooting+and+reference+guide,
> still running into the same issue. So, given below is the SSL trace
> obtained from my tomcat. Would somebody be able to help us out here and
> mention what is going wrong, and how to fix the same? Really appreciate
> your help here.
>
> Regards,
> Venkatesh

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
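
The resolution in this thread (certificate imported into cacerts while the JVM was reading jssecacerts) follows from JSSE's documented truststore lookup order. The script below is an added example, not part of the original thread: it reports which truststore file a given Java installation will read and which existing files are ignored. The function names are hypothetical, and the default store password `changeit` is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): find the truststore that JSSE's default
# trust manager reads. Lookup order per the JSSE Reference Guide:
#   1. the file named by -Djavax.net.ssl.trustStore, if that property is set
#   2. <java-home>/lib/security/jssecacerts, if it exists
#   3. <java-home>/lib/security/cacerts

# java_home_dir JAVA_HOME
# JDK 8 and earlier keep the runtime (<java-home>) under $JAVA_HOME/jre.
java_home_dir() {
    if [ -d "$1/jre/lib/security" ]; then
        printf '%s\n' "$1/jre"
    else
        printf '%s\n' "$1"
    fi
}

# truststore_from_opts "JVM OPTIONS"
# Prints the value of the last -Djavax.net.ssl.trustStore=... option, if any.
# Limitation: option values containing spaces are not handled.
truststore_from_opts() {
    found=
    for opt in $1; do
        case "$opt" in
            -Djavax.net.ssl.trustStore=*)
                found=${opt#-Djavax.net.ssl.trustStore=} ;;
        esac
    done
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
    else
        return 1
    fi
}

# effective_truststore JAVA_HOME "JVM OPTIONS"
# Prints the file the default trust manager will load; returns 1 if none exists.
effective_truststore() {
    # An explicit property always wins; JSSE does not fall back to the
    # default files even when the named file is missing.
    if override=$(truststore_from_opts "$2"); then
        printf '%s\n' "$override"
        return 0
    fi
    sec="$(java_home_dir "$1")/lib/security"
    if [ -f "$sec/jssecacerts" ]; then
        printf '%s\n' "$sec/jssecacerts"
    elif [ -f "$sec/cacerts" ]; then
        printf '%s\n' "$sec/cacerts"
    else
        return 1
    fi
}

# shadowed_truststores JAVA_HOME "JVM OPTIONS"
# Prints default truststore files that exist but are NOT the one in use.
# A CA certificate imported only into one of these is never consulted.
shadowed_truststores() {
    active=$(effective_truststore "$1" "$2") || return 1
    sec="$(java_home_dir "$1")/lib/security"
    for f in "$sec/jssecacerts" "$sec/cacerts"; do
        if [ -f "$f" ] && [ "$f" != "$active" ]; then
            printf '%s\n' "$f"
        fi
    done
    return 0
}

# store_has_owner STORE PATTERN [STOREPASS]
# True if any certificate in STORE has an Owner line matching PATTERN.
# Requires keytool on PATH; "changeit" is the assumed default password.
store_has_owner() {
    keytool -list -v -keystore "$1" -storepass "${3:-changeit}" 2>/dev/null |
        grep '^Owner:' | grep -q -- "$2"
}

# Usage: sh truststore.sh "$JAVA_HOME" "$CATALINA_OPTS"
if [ "$#" -ge 1 ]; then
    active=$(effective_truststore "$1" "${2:-}") || {
        echo "no truststore found" >&2
        exit 1
    }
    echo "active truststore: $active"
    shadowed_truststores "$1" "${2:-}" |
        sed 's/^/ignored (imports here have no effect): /'
fi
```

Run it with the same `JAVA_HOME` and JVM options as the Tomcat process that hosts CAS, then use `store_has_owner` on the active file to confirm the LDAP server's issuing and root CA certificates are present.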
