Hi Scott,
Thanks for your suggestion. The problem is solved after I changed the common
name (CN) to localhost, which is the same as the hostname.
Instead, I got another problem after solving that. After I login, the page is
redirected to my original resource. However, an error occurs. Seems it's due to
the CASReceipt not serializable, any comment for that?
Take a look on the error trace.
java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute
at
org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1233)
at
org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:129)
at
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:391)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:153)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:534)
Thanks again,
Harry
My Weblog - http://wpmu.planner4u.org/
> -------Original Message-------
> From: Scott Battaglia <[EMAIL PROTECTED]>
> Subject: Re: cas problem...
> Sent: 29 Aug '06 20:51
>
> Harry,
>
> What CN name did you put in the certificate? Also, what hostname do you
> use to access the CAS server? The two should match (i.e. both should be
> localhost).
>
> -Scott
>
>
> On 8/29/06, HARRY NG <[LINK: mailto:[EMAIL PROTECTED]
> [EMAIL PROTECTED]> wrote: Dear,
>
> I'm writing to ask for help on solving the SSL handshake problem. After
> looking through many resources and articles, following those steps, I'm
> still unable to fix the problem.
>
> Here is my configuration:
> Fedora Core Linux 4
> Tomcat 5.0.28 / 5.5.12
> JAVA 1.5.0_05
> cas-server-3.0.5
> cas-client-java-2.1.1
>
> My situation is just similar to most people, which shows the exception for
> edu.yale.its.tp.cas.client.CASAuthenticationException : Unable to
> validate ProxyTicketValidator
> after entering the username and password on the default
> SimpleTestUsernamePasswordAuthenticationHandler
>
> I followed the method of generating my certificate and put into the
> cacerts according to this page
> [LINK: http://www.ja-sig.org/products/cas/server/ssl/index.html]
> http://www.ja-sig.org/products/cas/server/ssl/index.html
>
> and simply set my CASFilter according to this
> [LINK: http://www.ja-sig.org/products/cas/client/javaclient/index.html]
> http://www.ja-sig.org/products/cas/client/javaclient/index.html
>
> Please help to take a look. Thanks a lot.
>
> Regards,
> Harry
>
> --------------------------------------------------------------------------
>
> Quote:
> Note from the stack trace the bit about SSL handshake problems. You
> don't have a valid cert for localhost installed. Consequently, your
> CASified tomcat examples are unable to validate the ticket at your CAS
> server instance over SSL.
>
> This is a very common problem among relative newcomers to CAS.
>
> Our online documentation that's evolved into a Wiki page continues to
> improve thanks to excellent feedback on and off this list. I hope both
> that this documentation will help you resolve your problem and that once
> your problem is resolved you'll be able to take a moment to review this
> documentation and provide feedback about how we can make it better,
> easier to find, more correct, etc.
>
> [LINK: http://jasigch.princeton.edu:9000/display/CAS/Solving+SSL+issues]
> http://jasigch.princeton.edu:9000/display/CAS/Solving+SSL+issues
>
> Notice especially the links to threads from the email archives on this
> topic.
>
>
> While this page is about CASifying uPortal, its content about installing
> self-signed certs is on-topic:
>
> [LINK:
> http://jasigch.princeton.edu:9000/display/CAS/Legacy+uPortal+client]
> http://jasigch.princeton.edu:9000/display/CAS/Legacy+uPortal+client
>
>
> If after reviewing some of the available documentation online you're
> still not able to get CAS working for the JSP examples, please do write
> back on this list.
>
> Best wishes,
>
> Andrew
>
>
> --------------------------------------------------------------------------
> My Weblog - [LINK: http://wpmu.planner4u.org/] http://wpmu.planner4u.org/
>
>
> _______________________________________________
> Yale CAS mailing list
> [LINK: mailto:[EMAIL PROTECTED] [email protected]
> [LINK: http://tp.its.yale.edu/mailman/listinfo/cas]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> --~--~---------~--~----~------------~-------~--~----~
> ?????,??????? Google ??????Harry's Gmail????
> ?????????,??????? [EMAIL PROTECTED]
> ????????,??????? [EMAIL PROTECTED]
> ?????,??????:http://groups.google.com/group/harryworld ?
> -~----------~----~----~----~------~----~------~--~---
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
