Hi Scott, I think this is the problem (from the tomcat log): Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Here is the full paste with the servers and webapp name changed: SEVERE: Servlet.service() for servlet default threw exception edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidatorproxyList=[null] [ edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[ https://authenticationserver.com/cas/serviceValidate] ticket=[ST-2-RN7yyvC4XXMKUEED6VOlfsnT40SOzMu7o42-20] service=[http%3A%2F%2Fwebserver1.com%3A8080%2Fmywebapp%2F] renew=false]]] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52) at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser( CASFilter.java:455) at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java :378) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter( ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke( StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke( StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke( StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke( ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke( StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service( CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection (Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket( PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt( LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( ThreadPool.java:684) at java.lang.Thread.run(Thread.java:619) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java :1520) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate( ClientHandshaker.java:975) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage( ClientHandshaker.java:123) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java :511) at com.sun.net.ssl.internal.ssl.Handshaker.process_record( Handshaker.java:449) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord( SSLSocketImpl.java:817) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake( SSLSocketImpl.java:1029) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake( SSLSocketImpl.java:1056) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake( SSLSocketImpl.java:1040) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java :405) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection.java:170) at sun.net.www.protocol.http.HttpURLConnection.getInputStream( HttpURLConnection.java:981) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream( HttpsURLConnectionImpl.java:234) at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate( ServiceTicketValidator.java:212) at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) ... 16 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285) at sun.security.validator.PKIXValidator.engineValidate( PKIXValidator.java:191) at sun.security.validator.Validator.validate(Validator.java:218) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate( X509TrustManagerImpl.java:126) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:209) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted( X509TrustManagerImpl.java:249) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate( ClientHandshaker.java:954) ... 30 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild( SunCertPathBuilder.java:174) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280) ... 36 more Thanks, Mike On 2/28/07, Scott Battaglia <[EMAIL PROTECTED]> wrote:
Mike, Is there any other messages in the log file? Exceptions, etc.? Thanks -Scott On 2/26/07, Mike Crawford < [EMAIL PROTECTED]> wrote: > Hi, > > I am trying to run a web server on one machine which redirects to a CAS > server running on another machine. When I try to > change the client.filter.serverName to redirect back to the web server I > get a 'Unable to validate ProxyTicketValidator' message. Does this have > something to do with proxyList? > > I've pasted an excerpt from client.filter.CASFilter with what I'm trying > to achieve. Ultimately there will be many web servers pointing to the same > authentication server. > > Thanks for your help, > > Mike Crawford > > <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name> > <param-value>https://authenticationserver.com/cas/login > </param-value> > </init-param> > <init-param> > <param-name> > edu.yale.its.tp.cas.client.filter.validateUrl</param-name> > <param-value> > https://authenticationserver.com/cas/serviceValidate</param-value> > </init-param> > <init-param> > <param-name> > edu.yale.its.tp.cas.client.filter.serverName</param-name> > <param-value>webserver1.com:8080 </param-value> > </init-param> > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
