Satish,

This appears to have something to do with the user account in the context of which the Tomcats are running. At first I thought that it may be a user-specific JAVA_HOME, but now I think it's something else. My Tomcat is not explicitly configured where to get its SSL certificate. So, it tries to get it from the default keystore locations. The default one on Windows is in %HOME%\.keystore. The HOME environment variable is user-specific. On my system, the local system account appears to have its HOME directory in C:\Documents and Settings\LocalService. So, here is something you could try quickly:

  1. Shut down all Tomcats
  2. Copy %HOME%\.keystore to C:\Documents and Settings\LocalService (or whatever directory is HOME for the local system account)
  3. Start all Tomcats as services
  4. Try accessing the portal again

Adam

Satish Kumar T wrote:

Hi All,

I am encountering a problem when I attempt to run the tomcat service containing the CAS application as a windows service.

Here is the scenario.

  1. I have Liferay portal, CAS application and an application running on 3 tomcat servers.
  2. I have configured the portal and the application to use SSO.
  3. If each of the tomcat servers is started from the command prompt using "catalina run", I am able to successfully access the SSO page, the Liferay portal and the application defined as a portlet.
  4. I attempted to install each of them as a service on windows using "service install".
  5. If I do that and try to access the portal then I get the following error message:

 

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website has expired or is not yet valid.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.
Continue to this website (not recommended).
More information

a. Subsequently I click on the URL that says "Continue to this website (not recommended)." I can access the SSO page where I enter the userid and password.

b. After I click on the Login button there is no display or error message on the page and the following shows up in the log file of the Liferay portal application:

02:24:24,672 ERROR [CASReceipt:55] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate ] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]

02:24:24,688 ERROR [CASFilter:380] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]

02:24:24,688 ERROR [CASFilter:101] javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]

javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]

        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:93)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:123)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

c. I then stopped the CAS windows service and started it from the command prompt using "catalina run".

d. I was able to successfully access the SSO, Liferay and the application without any problem.

e. I installed the certificate in the cacerts file stored in C:\Program Files\Java\jdk1.5.0_09\jre\lib\security.

f. The JAVA_HOME points to C:\Program Files\Java\jdk1.5.0_09\. This is true when I run the tomcat service as a windows service as well as from the command prompt.

Could you please let me know the specific requirements for CAS if it needs to be run as a windows service?

Please let me know if you need any further information from me.

Thanks a lot in advance and I really appreciate your time.

 Regards

Satish

 

 


_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
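
An added diagnostic, not part of the original thread and not Tomcat or CAS code: it prints which keystore and trust store a JVM resolves for the account it runs under, which is the difference the reply above points at. It uses Java's `user.home` property, the basis of Tomcat's default `.keystore` lookup; the class name `KeystoreWhere` is hypothetical and the stock keystore password `changeit` is an assumption.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (not from the thread): shows which keystore and trust store
// a JVM resolves for the account it is running under.
public class KeystoreWhere {

    // Tomcat's default keystore: ".keystore" in the home directory of the running user.
    static File defaultKeystore() {
        return new File(System.getProperty("user.home"), ".keystore");
    }

    // JSSE default trust store order: javax.net.ssl.trustStore, then jssecacerts, then cacerts.
    static File defaultTrustStore() {
        String explicit = System.getProperty("javax.net.ssl.trustStore");
        if (explicit != null) return new File(explicit);
        File sec = new File(System.getProperty("java.home"), "lib" + File.separator + "security");
        File jsse = new File(sec, "jssecacerts");
        return jsse.exists() ? jsse : new File(sec, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the keystore uses the stock password "changeit"; pass another as args[0].
        char[] pass = (args.length > 0 ? args[0] : "changeit").toCharArray();
        System.out.println("user.name   = " + System.getProperty("user.name"));
        System.out.println("user.home   = " + System.getProperty("user.home"));
        System.out.println("trust store = " + defaultTrustStore());
        File ksFile = defaultKeystore();
        System.out.println("keystore    = " + ksFile + (ksFile.isFile() ? "" : "  (MISSING)"));
        if (!ksFile.isFile()) return;

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(ksFile)) {
            ks.load(in, pass);
        }
        // List every certificate entry so the two accounts' keystores can be compared.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            System.out.println(alias + ": subject=" + x.getSubjectX500Principal().getName()
                    + " issuer=" + x.getIssuerX500Principal().getName()
                    + " valid " + x.getNotBefore() + " .. " + x.getNotAfter());
        }
    }
}
```

Run it once from the interactive command prompt and once under the account the Windows service uses, then compare the `user.home`, keystore and certificate lines between the two runs.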

