Simon,

Who generated the SSL certificate for the server that has a service
protected by CAS?   If it is self-signed, then you should look into
getting a proper SSL certificate.  If it isn't self-signed, then simply
add the certificate of whoever signed it.

Regards,

Andrew R Feller, Analyst
Subversion Administrator
University Information Systems
Louisiana State University
[EMAIL PROTECTED]
(office) 225.578.3737
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Simon Rousseau
Sent: Monday, October 22, 2007 12:26 PM
To: [email protected]
Subject: Re: cas Digest, Vol 53, Issue 43

Hi,

Thank you both Andrew and Scott.
You've confirmed what I was suspecting...
 I will have to convince our CAS administrator
to add my local machine certificate to the CAS cacerts...

Thanks a lot,

Simon Rousseau
CSSMI

----- Original Message ----- 
From: <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, October 22, 2007 12:00 PM
Subject: cas Digest, Vol 53, Issue 43


>
> Today's Topics:
>
>   1. CAS proxy mode (Simon Rousseau)
>   2. RE: CAS proxy mode (Andrew R Feller)
>   3. Re: CAS proxy mode (Scott Battaglia)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Mon, 22 Oct 2007 07:54:34 -0400
> From: "Simon Rousseau" <[EMAIL PROTECTED]>
> Subject: CAS proxy mode
> To: <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> We are wondering about a little detail.
>
> When we want to use CAS in proxy mode, do we need to add the certificate
> from the distant server in the CAS cacert?
>
> I'm asking this because at this time, our application can successfully
> connect to the CAS server but when we read the CAS log we see an error in
> it. As you can see a service ticket is granted but in the second part an
> Exception is thrown on creation of the proxy ticket.
>
> 2007-10-17 11:01:17,658 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-4-Z9y6r2ny5x1GpHF9nkrRbEtcrt6UlHfhtLZ-20] for service [http://ca-dti-simrou:8080/sakai-login-tool/container] for user [851s555]
> 2007-10-17 11:01:17,716 ERROR [org.jasig.cas.util.UrlUtils] - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
>     at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:626)
>     at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:272)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(DashoA12275)
>     at org.jasig.cas.util.UrlUtils.getResponseCodeFromUrl(UrlUtils.java:45)
>     at org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate(HttpBasedServiceCredentialsAuthenticationHandler.java:63)
>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:79)
>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:195)
>     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:128)
>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:139)
>     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:717)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:347)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValvejava:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValvejava:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
>     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:534)
> Caused by: sun.security.validator.ValidatorException: No trusted certificate found
>     at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
>     at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
>     at sun.security.validator.Validator.validate(Validator.java:202)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
>     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
>     ... 41 more
> 2007-10-17 11:01:17,720 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user.
> 2007-10-17 11:01:17,720 ERROR [org.jasig.cas.web.ServiceValidateController] - TicketException generating ticket for: https://ca-dti-simrou:8443/sakai-login-tool/CasProxyServlet
> org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:216)
>     at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:128)
>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:139)
>     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:44)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:717)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:658)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:392)
>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:347)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValvejava:213)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValvejava:178)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
>     at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
>     at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
>     at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
>     at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
>     at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
>     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
>     at java.lang.Thread.run(Thread.java:534)
> Caused by: error.authentication.credentials.bad
>     at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:101)
>     at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:195)
>     ... 25 more
>
> I hope that you have enough details... If not write me back!
>
>
> Cheers,
>
> Simon Rousseau
> CSSMI
>
> ------------------------------
>
> Message: 2
> Date: Mon, 22 Oct 2007 07:19:07 -0500
> From: "Andrew R Feller" <[EMAIL PROTECTED]>
> Subject: RE: CAS proxy mode
> To: "Yale CAS mailing list" <[email protected]>
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="us-ascii"
>
> Simon,
>
>
>
> Yes, you should have the intermediary CA's certificate for whoever
> generates your SSL certificates in the CA bundle on your machines.  You
> might also enforce HTTPS access to Sakai's login tool
> (http://ca-dti-simrou:8080/sakai-login-tool/container)
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> [EMAIL PROTECTED]
>
> (office) 225.578.3737
>
>
> ------------------------------
>
> Message: 3
> Date: Mon, 22 Oct 2007 09:33:28 -0400
> From: "Scott Battaglia" <[EMAIL PROTECTED]>
> Subject: Re: CAS proxy mode
> To: "Yale CAS mailing list" <[email protected]>
> Message-ID:
> <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Simon,
>
> If your proxied application is not using a commercial certificate, its
> certificate or the intermediary CA's certificate will need to be added to
> the cacerts file of the JVM that CAS is run on.  This way CAS will trust the
> certificate and issue the proxy ticket.
>
> -Scott
>
>
>
> -- 
> -Scott Battaglia
>
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
> ------------------------------
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
> End of cas Digest, Vol 53, Issue 43
> ***********************************
> 

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
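
The failure pattern in the CAS log quoted in this thread (a handshake error logged by UrlUtils, followed by a TicketException naming the proxy callback URL) can be picked out of a log automatically. The following is an added example, not part of the original thread or of CAS itself; the sample lines are condensed from the quoted log, and the function names and the 2-second correlation window are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Condensed from the CAS log quoted in the thread (most stack frames trimmed).
SAMPLE_LOG = """\
2007-10-17 11:01:17,658 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-4-Z9y6r2ny5x1GpHF9nkrRbEtcrt6UlHfhtLZ-20] for service [http://ca-dti-simrou:8080/sakai-login-tool/container] for user [851s555]
2007-10-17 11:01:17,716 ERROR [org.jasig.cas.util.UrlUtils] - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
    at org.jasig.cas.util.UrlUtils.getResponseCodeFromUrl(UrlUtils.java:45)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    ... 41 more
2007-10-17 11:01:17,720 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user.
2007-10-17 11:01:17,720 ERROR [org.jasig.cas.web.ServiceValidateController] - TicketException generating ticket for: https://ca-dti-simrou:8443/sakai-login-tool/CasProxyServlet
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
"""

# "<timestamp> <LEVEL> [<logger>] - <message>", as in the quoted log.
RECORD = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (\w+)\s+\[([^\]]+)\]\s+-\s*(.*)$"
)
CALLBACK = re.compile(r"TicketException generating ticket for:\s*(\S+)")
REASON = re.compile(r"ValidatorException:\s*(.+)$")


def parse_records(text):
    """Split a log into records; stack-trace lines attach to the record above."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append({
                "time": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f"),
                "level": m.group(2),
                "logger": m.group(3),
                "message": m.group(4),
                "trace": [],
            })
        elif records and line.strip():
            records[-1]["trace"].append(line.strip())
    return records


def find_failed_proxy_callbacks(text, window=timedelta(seconds=2)):
    """Report each failed proxy callback and whether a TLS trust failure
    logged shortly before it explains the failure."""
    records = parse_records(text)
    findings = []
    for i, rec in enumerate(records):
        m = CALLBACK.search(rec["message"])
        if rec["level"] != "ERROR" or not m:
            continue
        url = urlsplit(m.group(1))
        finding = {
            "callback": m.group(1),
            "host": url.hostname,
            "port": url.port or (443 if url.scheme == "https" else 80),
            "cause": "unexplained",
            "reason": None,
        }
        # Walk backwards through the records that fall inside the window.
        for prev in reversed(records[:i]):
            if rec["time"] - prev["time"] > window:
                break
            body = " ".join([prev["message"], *prev["trace"]])
            if prev["logger"].endswith("UrlUtils") and "SSLHandshakeException" in body:
                finding["cause"] = "untrusted-certificate"
                why = REASON.search(prev["message"])
                finding["reason"] = why.group(1) if why else None
                break
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in find_failed_proxy_callbacks(SAMPLE_LOG):
        print(f"{f['host']}:{f['port']} -> {f['cause']} ({f['reason']})")
```

An `untrusted-certificate` finding names the host whose certificate, or whose signing CA's certificate, is missing from the cacerts file of the JVM that CAS runs on, which is the fix given in the thread.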