Excellent. That did point out my problem. The certificate says
"gammel1.devqa.sersol.il.pqe" but I was using "gammel1.devqa". So, I
changed my filter to use "gammel1.devqa.sersol.il.pqe", but now I get a
different error:

javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://gammel1.devqa.sersol.il.pqe:8443/cas/serviceValidate] ticket=[ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20] service=[http%3A%2F%2Flocalhost%3A8080%2FcasSample%2Findex.html] errorCode=[INVALID_SERVICE] errorMessage=[ticket 'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does not match supplied service. The original service was 'http://localhost:8080/casSample/index.html?' and the supplied service was 'http://localhost:8080/casSample/index.html'.] renew=false entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_SERVICE'>
ticket 'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does not match supplied service. The original service was 'http://localhost:8080/casSample/index.html?' and the supplied service was 'http://localhost:8080/casSample/index.html'.
        </cas:authenticationFailure>
</cas:serviceResponse>


Any ideas?
Thanks,
Ross

Andrew Petro wrote:
> Is there a way to check this?

Yes. View something served by that machine over https:// in your web browser and use its SSL certificate inspection features (typically available by clicking the "lock icon").




RossBleakney wrote:
I believe it was "gammel1.devqa" (if I understand how this is set). I don't know a lot about SSL, so I asked one of our admin guys (who has a lot more experience setting up SSL) to configure that server. I specifically asked him what he answered when prompted for first name, last name, etc. and he said "gammel1.devqa". Is there a way to check this? I am at home now, so I can't access the code (or the two machines) so I'll probably bug the list again tomorrow. But if you know of something to try in the morning, I very much appreciate it.
Thanks,
Ross

    ----- Original Message -----
    *From:* Scott Battaglia <mailto:[EMAIL PROTECTED]>
    *To:* Yale CAS mailing list <mailto:[email protected]>
    *Sent:* Tuesday, September 11, 2007 7:56 PM
    *Subject:* Re: java.io.IOException: HTTPS hostname wrong

    Ross,

    When you created your certificates via the keytool, what did you
    choose as the CN?

    -Scott

    <snip>

------------------------------------------------------------------------

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
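
Added example (not part of the original thread or of the CAS client code): a short Python script that parses a CAS 2.0 failure response like the one quoted in the first message and reports where the original and supplied service strings diverge. The function names are illustrative, and the regular expression assumes the message wording shown in that response.

```python
import re
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}

# Constructed sample: the failure body quoted in the thread, with its closing tags.
SAMPLE = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
        <cas:authenticationFailure code='INVALID_SERVICE'>
ticket 'ST-7-iAwfbTJdvxggYhbfQSSkeFi2YZmbJkaFMM9-20' does not match supplied service. The original service was 'http://localhost:8080/casSample/index.html?' and the supplied service was 'http://localhost:8080/casSample/index.html'.
        </cas:authenticationFailure>
</cas:serviceResponse>"""

# Assumption: the server words the message as in the response above.
SERVICE_RE = re.compile(
    r"original service was '(?P<original>[^']*)' "
    r"and the supplied service was '(?P<supplied>[^']*)'"
)


def parse_failure(xml_text):
    """Return (code, message) for an authenticationFailure, else None."""
    root = ET.fromstring(xml_text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is None:
        return None
    return failure.get("code"), " ".join((failure.text or "").split())


def service_mismatch(xml_text):
    """Locate the first character at which the two service strings differ."""
    failure = parse_failure(xml_text)
    if failure is None or failure[0] != "INVALID_SERVICE":
        return None
    match = SERVICE_RE.search(failure[1])
    if match is None:
        return None
    original, supplied = match["original"], match["supplied"]
    shorter = min(len(original), len(supplied))
    at = next((i for i in range(shorter) if original[i] != supplied[i]), shorter)
    return {"original": original, "supplied": supplied, "diverges_at": at,
            "original_rest": original[at:], "supplied_rest": supplied[at:]}


if __name__ == "__main__":
    print(service_mismatch(SAMPLE))
```

On the response quoted in the thread, it reports that the two strings agree up to the end of the supplied service and that the original carries one extra trailing character, "?".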

