Actually, I figured it out. I have to have certificates set up for the tomcat keystore as well as the JAVA_HOME keystore. Tomcat uses its keystore during its processing and any API library calls use JAVA_HOME keystore, though they either have to be duplicated or one should point their tomcat keystore file to the cacerts file.
On 5/26/07, Ilya Sterin <[EMAIL PROTECTED]> wrote: > I'm not sure if this is a limitation of CAS, though I doubt it as I've > seen postings of folks successfully using it on a different domain > than the service. > > I've set up a simple web app with the cas client and the cas server. > When set up on the same domain, all works fine. But when I say have > cas running on sso and service on localhost, I'm redirected to the cas > login screen, but on validation I get this error... > > It's basicaly stating that my server domain should be sso. Am I doing > something wrong? > > > javax.servlet.ServletException: Unable to validate > ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator > proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator > casValidateUrl=[https://sso:8443/cas/serviceValidate] > ticket=[ST-6-PS3NJnCOMuzPFdq1Rhi1FQZGVVdUVwHBgyO-20] > service=[http%3A%2F%2Flocalhost%3A8080%2Fprism-security%2Findex.jsp] > renew=true]]] > > edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381) > > root cause > > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to > validate ProxyTicketValidator > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] > [edu.yale.its.tp.cas.client.ServiceTicketValidator > casValidateUrl=[https://sso:8443/cas/serviceValidate] > ticket=[ST-6-PS3NJnCOMuzPFdq1Rhi1FQZGVVdUVwHBgyO-20] > service=[http%3A%2F%2Flocalhost%3A8080%2Fprism-security%2Findex.jsp] > renew=true]]] > edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52) > > edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) > > edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) > > root cause > > java.io.IOException: HTTPS hostname wrong: should be <sso> > > sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490) > > sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415) > > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) > > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:916) > > sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) > edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) > > edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) > edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) > > edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) > > edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
