Shasha,

Generally this line:

<Connector className="org.apache.coyote.tomcat5.Coyote-Connector"
    keystoreFile="c:\Program Files\Java\jdk1.5.0_01\jre\lib\security\cacerts"
    port= "8443" miniProcessors="5" maxProcessors="75" enableLookups= "true"
    disableUploadTimeoue= "true" acceptCount= "100" debug= "0" scheme= "https"
    secure= "true" cleintAuth= "false" sslProtocol= "TLS"/>

points to the Tomcat keystore and not the JVM keystore (i.e. generally you don't change it from the default). Not sure if that is your problem or not though.

-Scott

On 9/26/07, Shashidhar Rampally <[EMAIL PROTECTED]> wrote:
>
> Hi guys,
>
> I got CAS running successfully on my Tomcat container. i.e.,
> http://localhost/cas/login gives me the login page and when I enter the
> same username and password, I am logged in successfully into CAS.
>
> However, I tried to get CAS working using a filter for the sample JSP
> examples shipped with Tomcat. I edited the web.xml under jsp-examples
> directory and added the following...
>
>     <description>
>       JSP 2.0 Examples.
>     </description>
>     <display-name>JSP 2.0 Examples</display-name>
>
>     <filter>
>       <filter-name>CAS Filter</filter-name>
>       <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
>       <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
>         <param-value>https://localhost/cas/login</param-value>
>       </init-param>
>       <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
>         <param-value>https://localhost/cas/proxyValidate</param-value>
>       </init-param>
>       <init-param>
>         <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
>         <param-value>localhost</param-value>
>       </init-param>
>     </filter>
>
> Now, when I try to access any jsp page under jsp-examples, I am being
> rightly redirected to the CAS login page. When I enter the username and
> password though, I am getting a ServletException (Unable to validate
> ProxyTicketValidator).
>
> I followed the instructions on
> http://www.ja-sig.org/products/cas/server/ssl/index.html and generated
> the certificate and added it to the keystore. I also edited the
> server.xml file under Tomcat\conf to..
>
>     <Connector className="org.apache.coyote.tomcat5.Coyote-Connector"
>         keystoreFile="c:\Program Files\Java\jdk1.5.0_01\jre\lib\security\cacerts"
>         port= "8443" miniProcessors="5" maxProcessors="75" enableLookups= "true"
>         disableUploadTimeoue= "true" acceptCount= "100" debug= "0" scheme= "https"
>         secure= "true" cleintAuth= "false" sslProtocol= "TLS"/>
>
> I am lost right now. Please advise. You can find the errors/exception
> I've found in the Tomcat log file below.
>
> Regards,
> Shashi
>
>
> [edu.yale.its.tp.cas.client.CASReceipt] :
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://localhost/cas/proxyValidate]
> ticket=[ST-1-f7BPfeR3ngwi0TK3DmSjHl2iUnhI6YJzFCY-20]
> service=[http%3A%2F%2Flocalhost%2Fjsp-examples%2F] renew=false]]]
> [edu.yale.its.tp.cas.client.filter.CASFilter] :
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://localhost/cas/proxyValidate]
> ticket=[ST-1-f7BPfeR3ngwi0TK3DmSjHl2iUnhI6YJzFCY-20]
> service=[http%3A%2F%2Flocalhost%2Fjsp-examples%2F] renew=false]]]
> [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/jsp-examples].[default]]
> : Servlet.service() for servlet default threw exception
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://localhost/cas/proxyValidate]
> ticket=[ST-1-f7BPfeR3ngwi0TK3DmSjHl2iUnhI6YJzFCY-20]
> service=[http%3A%2F%2Flocalhost%2Fjsp-examples%2F] renew=false]]]
>     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
>     at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
>     at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:307)
>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:385)
>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:748)
>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:678)
>     at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:871)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:595)
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
>     at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1476)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
>     at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:846)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:815)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1038)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:905)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>     at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
>     at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
>     at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
>     ... 18 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building
> failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
>     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>     at sun.security.validator.Validator.validate(Validator.java:203)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:839)
>     ... 31 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>     ... 36 more
>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>

--
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
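The keystore versus trust-store distinction raised in the reply, as an added example that is not part of the original thread: a small Java check that reports whether a keystore file holds a private key (what a Connector `keystoreFile` needs) or only trusted certificates, and optionally whether an exported server certificate is present in it. The class name, the default path and the `changeit` password are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collections;

public class KeystoreRoleCheck {

    /** Counts entries by role: [0] = private-key entries, [1] = trusted-certificate entries. */
    static int[] countByRole(KeyStore ks) throws Exception {
        int[] n = new int[2];
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                n[0]++;
                System.out.println("  private key under alias: " + alias);
            } else if (ks.isCertificateEntry(alias)) {
                n[1]++;
            }
        }
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: the running JVM's cacerts file and its stock password.
        String path = args.length > 0 ? args[0]
                : System.getProperty("java.home") + "/lib/security/cacerts";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        int[] n = countByRole(ks);
        System.out.println(path + ": " + n[0] + " private-key, " + n[1] + " trusted-cert entries");
        // Server side: a Connector keystoreFile must hold the private key Tomcat presents.
        System.out.println(n[0] > 0 ? "-> can serve as a Connector keystoreFile"
                                    : "-> trust store only; no server identity in this file");

        // Client side (optional third argument, a PEM or DER certificate exported from
        // the server keystore): is that exact certificate present in this file?
        if (args.length > 2) {
            Certificate cert;
            try (InputStream in = new FileInputStream(args[2])) {
                cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            String alias = ks.getCertificateAlias(cert);
            System.out.println(alias != null
                    ? "-> certificate is present here (alias " + alias + ")"
                    : "-> not present; a self-signed server cert would fail PKIX path building");
        }
    }
}
```

Run it once against the file named in `keystoreFile` and once against the `cacerts` of the JVM that hosts the CAS client filter, since the two files play different roles in the handshake.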
