Hi,

We are wondering about a small detail.

When we want to use CAS in proxy mode, do we need to add the certificate from 
the distant server in the CAS cacert?

I'm asking this because at this time, our application can successfully connect 
to the CAS server but when we read the CAS log we see an error in it. As you 
can see, a service ticket is granted, but in the second part an Exception is 
thrown on creation of the proxy ticket.

2007-10-17 11:01:17,658 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - 
Granted service ticket [ST-4-Z9y6r2ny5x1GpHF9nkrRbEtcrt6UlHfhtLZ-20] for 
service [http://ca-dti-simrou:8080/sakai-login-tool/container] for user 
[851s555]
2007-10-17 11:01:17,716 ERROR [org.jasig.cas.util.UrlUtils] - 
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
No trusted certificate found
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
No trusted certificate found
     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
     at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
     at 
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
     at 
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:626)
     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:272)
     at 
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(DashoA12275)
     at org.jasig.cas.util.UrlUtils.getResponseCodeFromUrl(UrlUtils.java:45)
     at 
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate
       
    (HttpBasedServiceCredentialsAuthenticationHandler.java:63)
     at 
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
     at 
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:195)
     at 
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:128)
     at 
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:139)
     at 
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
     at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:717)
     at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
     at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
     at 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:347)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
     at 
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
     at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
     at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
     at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValvejava:213)
     at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValvejava:178)
     at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
     at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
     at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
     at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
     at 
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
     at 
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
     at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
     at java.lang.Thread.run(Thread.java:534)
Caused by: sun.security.validator.ValidatorException: No trusted certificate 
found
     at 
sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
     at 
sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
     at sun.security.validator.Validator.validate(Validator.java:202)
     at 
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
     at 
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
     ... 41 more
2007-10-17 11:01:17,720 INFO 
[org.jasig.cas.authentication.AuthenticationManagerImpl] - 
AuthenticationHandler: 
org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler
 failed to authenticate the user.
2007-10-17 11:01:17,720 ERROR [org.jasig.cas.web.ServiceValidateController] - 
TicketException generating ticket for: 
https://ca-dti-simrou:8443/sakai-login-tool/CasProxyServlet 
org.jasig.cas.ticket.TicketCreationException: 
error.authentication.credentials.bad
     at 
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:216)
     at 
org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:128)
     at 
org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:139)
     at 
org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
     at 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:717)
     at 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
     at 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
     at 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:347)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
     at 
org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
     at 
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
     at 
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
     at 
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValvejava:213)
     at 
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValvejava:178)
     at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
     at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
     at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
     at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
     at 
org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
     at 
org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
     at 
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
     at java.lang.Thread.run(Thread.java:534)
Caused by: error.authentication.credentials.bad
     at 
org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
     at 
org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:101)
     at 
org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:195)
     ... 25 more

I hope that you have enough details... If not, write me back!


Cheers,

Simon Rousseau
CSSMI
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas