Hi,
Can I set some attribute in session in CAS.
If yes ,how
On 9/29/06, zheng.guozhu <[EMAIL PROTECTED]> wrote:
Manisha,
Because the CAS filter requests the validation information through SSL channel. It works when you deploy both the CAS server and filter because they are using the same JVM with the same certification keystore. If the CAS filter is deployed in the other server with a different JVM, you must export the certification file from the server and import it into the filter server. There maybe exist a Wiki page of manual, pls check it.
Zheng Guozhu
On 9/29/06, Manisha Satija < [EMAIL PROTECTED]> wrote:_______________________________________________Hi,When I deploy CAS ans Sample Application on the same server it works fine, but when I deployed them on two different server it gives me the cas login screen , but After login I gets Exception as
SEVERE: Servlet.service() for servlet HelloServlet threw exception
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect (Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream (Unknown Source)
at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser (CASFilter.java:100)
at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:73)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection (Http11Protocol.java:731)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate (Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 29 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build (Unknown Source)
... 34 more
Thank YouRegards,Manisha
On 9/28/06, Scott Battaglia < [EMAIL PROTECTED] > wrote:You'll want to configure the new application similar to the current application such that when you attempt to access /sample it will redirect you to CAS which will recognize the existing SSO session._______________________________________________
-Scott
On 9/28/06, Manisha Satija < [EMAIL PROTECTED] > wrote:_______________________________________________Hi,I have deployed CAS and portal application on server and in web xml file of portal i have given the entries as below<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
<init-param>
<param-name> edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
<param-value>https://portalserver:8443/cas/login </param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
<param-value> https://portalserver:8443/cas/proxyValidate </param-value>
</init-param>
<init-param>
<param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>
<param-value> http://portalserver:8080/casSample/index.jsp</param-value>
</init-param>
</filter><filter-mapping>
<filter-name>CAS Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>HelloServlet</servlet-name>
<servlet-class>mypackage.Hello</servlet-class>
</servlet><servlet-mapping>
<servlet-name>HelloServlet</servlet-name>
<url-pattern>/hello</url-pattern>
</servlet-mapping>
Its working fine when i hit the url of portal its give me cas login page and after authentication i log into the portal index page.In index page i have given the link of sample application which is stored in another server say clientserver. I want that when i hit the link say http://clientserver:8080/sampleI should be allowed to access the application without reauthentication but with ticket so that I can aceess the user in clientserver and the their session within two server should be same.But if I hit the url http://clientserver:8080/sample through address bar without logging into portalserver I should be redirected to the cas login pagefor authetication.So can you suggest be any solution for it and also what will the entries in my web xml of sample application on clientserver.Thank You in advance.Regards,Manisha
On 9/27/06, Manisha Satija <[EMAIL PROTECTED] > wrote:no its proxyValidate
On 9/27/06, Frank Taffelt < [EMAIL PROTECTED]> wrote:MMS21 wrote:
<init-param>
> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl </param-name>
> <param-value>https://server:8443/cas/proxyValidate</param-value>
> </init-param>
are you sure that you don't mean https://server:8443/cas/serviceValidate
instead https://server:8443/cas/proxyValidate ?
Frank
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
