Simon, If your proxied application is not using a commercial certificate, its certificate or or the intermediary CA's certificate will need to be added to the cacerts file of the JVM that CAS is run on. This way CAS will trust the certificate and issue the proxy ticket.
-Scott On 10/22/07, Simon Rousseau <[EMAIL PROTECTED]> wrote: > > Hi, > > We are wondering about a little details. > > When we want to use CAS in proxy mode, do we need to add the certificate > from the distant server in the CAS cacert? > > I'm asking this because at this time, our application can successfully > connect to the CAS server but when we read the CAS log we see an error in > it. As you can see a service ticket is granted but in the second part an > Exception is trowed on creation of the proxy ticket. > > 2007-10-17 11:01:17,658 INFO [ > org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket > [ST-4-Z9y6r2ny5x1GpHF9nkrRbEtcrt6UlHfhtLZ-20] for service [ > http://ca-dti-simrou:8080/sakai-login-tool/container] for user [851s555] > 2007-10-17 11:01:17,716 ERROR [org.jasig.cas.util.UrlUtils] - > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found > javax.net.ssl.SSLHandshakeException: > sun.security.validator.ValidatorException: No trusted certificate found > at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275) > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake > (DashoA12275) > at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275) > at > sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect > (DashoA12275) > at sun.net.www.protocol.http.HttpURLConnection.getInputStream( > HttpURLConnection.java:626) > at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java > :272) > at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode > (DashoA12275) > at org.jasig.cas.util.UrlUtils.getResponseCodeFromUrl(UrlUtils.java > :45) > at > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate > > (HttpBasedServiceCredentialsAuthenticationHandler.java:63) > at > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( > AuthenticationManagerImpl.java:79) > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket > (CentralAuthenticationServiceImpl.java:195) > at org.jasig.cas.web.ServiceValidateController.handleRequestInternal( > ServiceValidateController.java:128) > at > org.springframework.web.servlet.mvc.AbstractController.handleRequest( > AbstractController.java:139) > at > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( > SimpleControllerHandlerAdapter.java:44) > at org.springframework.web.servlet.DispatcherServlet.doDispatch( > DispatcherServlet.java:717) > at org.springframework.web.servlet.DispatcherServlet.doService( > DispatcherServlet.java:658) > at org.springframework.web.servlet.FrameworkServlet.processRequest( > FrameworkServlet.java:392) > at org.springframework.web.servlet.FrameworkServlet.doGet( > FrameworkServlet.java:347) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > at org.jasig.cas.web.init.SafeDispatcherServlet.service( > SafeDispatcherServlet.java:115) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( > ApplicationFilterChain.java:252) > at org.apache.catalina.core.ApplicationFilterChain.doFilter( > ApplicationFilterChain.java:173) > at org.apache.catalina.core.StandardWrapperValve.invoke > (StandardWrapperValvejava:213) > at org.apache.catalina.core.StandardContextValve.invoke > (StandardContextValvejava:178) > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:126) > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:105) > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:107) > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:148) > at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java > :199) > at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java > :282) > at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754) > at org.apache.jk.common.ChannelSocket.processConnection( > ChannelSocket.java:684) > at org.apache.jk.common.ChannelSocket$SocketConnection.runIt( > ChannelSocket.java:876) > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:684) > at java.lang.Thread.run(Thread.java:534) > Caused by: sun.security.validator.ValidatorException: No trusted > certificate found > at sun.security.validator.SimpleValidator.buildTrustedChain( > SimpleValidator.java:304) > at sun.security.validator.SimpleValidator.engineValidate( > SimpleValidator.java:107) > at sun.security.validator.Validator.validate(Validator.java:202) > at > com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted > (DashoA12275) > at > com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted > (DashoA12275) > ... 41 more > 2007-10-17 11:01:17,720 INFO [ > org.jasig.cas.authentication.AuthenticationManagerImpl] - > AuthenticationHandler: > org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandlerfailed > to authenticate the user. > 2007-10-17 11:01:17,720 ERROR [org.jasig.cas.web.ServiceValidateController] > - TicketException generating ticket for: > https://ca-dti-simrou:8443/sakai-login-tool/CasProxyServlet > org.jasig.cas.ticket.TicketCreationException: > error.authentication.credentials.bad > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket > (CentralAuthenticationServiceImpl.java:216) > at org.jasig.cas.web.ServiceValidateController.handleRequestInternal( > ServiceValidateController.java:128) > at > org.springframework.web.servlet.mvc.AbstractController.handleRequest( > AbstractController.java:139) > at > org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle( > SimpleControllerHandlerAdapter.java:44) > at org.springframework.web.servlet.DispatcherServlet.doDispatch( > DispatcherServlet.java:717) > at org.springframework.web.servlet.DispatcherServlet.doService( > DispatcherServlet.java:658) > at org.springframework.web.servlet.FrameworkServlet.processRequest( > FrameworkServlet.java:392) > at org.springframework.web.servlet.FrameworkServlet.doGet( > FrameworkServlet.java:347) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) > at org.jasig.cas.web.init.SafeDispatcherServlet.service( > SafeDispatcherServlet.java:115) > at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter( > ApplicationFilterChain.java:252) > at org.apache.catalina.core.ApplicationFilterChain.doFilter( > ApplicationFilterChain.java:173) > at org.apache.catalina.core.StandardWrapperValve.invoke > (StandardWrapperValvejava:213) > at org.apache.catalina.core.StandardContextValve.invoke > (StandardContextValvejava:178) > at org.apache.catalina.core.StandardHostValve.invoke( > StandardHostValve.java:126) > at org.apache.catalina.valves.ErrorReportValve.invoke( > ErrorReportValve.java:105) > at org.apache.catalina.core.StandardEngineValve.invoke( > StandardEngineValve.java:107) > at org.apache.catalina.connector.CoyoteAdapter.service( > CoyoteAdapter.java:148) > at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java > :199) > at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java > :282) > at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754) > at org.apache.jk.common.ChannelSocket.processConnection( > ChannelSocket.java:684) > at org.apache.jk.common.ChannelSocket$SocketConnection.runIt( > ChannelSocket.java:876) > at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run( > ThreadPool.java:684) > at java.lang.Thread.run(Thread.java:534) > Caused by: error.authentication.credentials.bad > at > org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException > .<clinit>(BadCredentialsAuthenticationException.java:25) > at > org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate( > AuthenticationManagerImpl.java:101) > at > org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket > (CentralAuthenticationServiceImpl.java:195) > ... 25 more > > I hope that you have enough details... If not write me back! > > > Cheer's, > > Simon Rousseau > CSSMI > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > -- -Scott Battaglia LinkedIn: http://www.linkedin.com/in/scottbattaglia
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
