Are you adding it to your JVM's cacerts file? If you have multiple JVMs, make sure it's in the correct one (I've seen it placed in the wrong one accidentally a lot).

-Scott

On 2/28/07, Mike Crawford <[EMAIL PROTECTED]> wrote:

Adding the key didn't work.

Cheers,

Mike

On 2/28/07, Mike Crawford <[EMAIL PROTECTED]> wrote:
>
> Hi again,
>
> I'm pretty sure the problem is caused by 'webserver1' not being in the
> keystore, because it works fine if the web application is on the same server
> as the authentication server. In my keystore on the authentication server I
> have a key entry for the authentication server with alias 'tomcat'. I was
> going to try adding another key for webserver1, but can I just call it
> 'webserver1' and add it into my store?
>
> Thanks,
>
> Mike
>
> On 2/28/07, Mike Crawford <[EMAIL PROTECTED]> wrote:
> >
> > Hi Scott,
> >
> > I think this is the problem (from the tomcat log): Caused by:
> > javax.net.ssl.SSLHandshakeException:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
> >
> > Here is the full paste with the servers and webapp name changed:
> >
> > SEVERE: Servlet.service() for servlet default threw exception
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://authenticationserver.com/cas/serviceValidate] ticket=[ST-2-RN7yyvC4XXMKUEED6VOlfsnT40SOzMu7o42-20] service=[http%3A%2F%2Fwebserver1.com%3A8080%2Fmywebapp%2F] renew=false]]]
> >     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> >     at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >     at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
> >     at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
> >     at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >     at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> >     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >     at java.lang.Thread.run(Thread.java:619)
> > Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1520)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:182)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:176)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:511)
> >     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:449)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:817)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1029)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1056)
> >     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1040)
> >     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
> >     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
> >     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:981)
> >     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> >     at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
> >     at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
> >     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
> >     ... 16 more
> > Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
> >     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
> >     at sun.security.validator.Validator.validate(Validator.java:218)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
> >     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
> >     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
> >     ... 30 more
> > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
> >     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
> >     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
> >     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
> >     ... 36 more
> >
> > Thanks,
> >
> > Mike
> >
> > On 2/28/07, Scott Battaglia <[EMAIL PROTECTED]> wrote:
> > >
> > > Mike,
> > >
> > > Are there any other messages in the log file? Exceptions, etc.?
> > >
> > > Thanks
> > > -Scott
> > >
> > > On 2/26/07, Mike Crawford <[EMAIL PROTECTED]> wrote:
> > >
> > > > Hi,
> > > >
> > > > I am trying to run a web server on one machine which redirects to
> > > > a CAS server running on another machine. When I try to
> > > > change the client.filter.serverName to redirect back to the web
> > > > server I get an 'Unable to validate ProxyTicketValidator' message. Does this
> > > > have something to do with proxyList?
> > > >
> > > > I've pasted an excerpt from client.filter.CASFilter with what I'm
> > > > trying to achieve. Ultimately there will be many web servers pointing to
> > > > the same authentication server.
> > > >
> > > > Thanks for your help,
> > > >
> > > > Mike Crawford
> > > >
> > > > <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
> > > > <param-value>https://authenticationserver.com/cas/login</param-value>
> > > > </init-param>
> > > > <init-param>
> > > > <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
> > > > <param-value>https://authenticationserver.com/cas/serviceValidate</param-value>
> > > > </init-param>
> > > > <init-param>
> > > > <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
> > > > <param-value>webserver1.com:8080</param-value>
> > > > </init-param>
> > > > _______________________________________________
> > > > Yale CAS mailing list
> > > > [email protected]
> > > > http://tp.its.yale.edu/mailman/listinfo/cas
