Adam,

Thanks a lot for the info. I appreciate it.

Satish

_____

From: Adam Rybicki [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 30, 2007 2:04 PM
To: [EMAIL PROTECTED]
Cc: 'Yale CAS mailing list'
Subject: Re: Problem with CAS run as a windows service

Satish,

Right. The instructions for creating the certificate with alias "tomcat" do not specify the keystore location. I believe that this is true for both Tomcat and CAS Web sites. I think there is nothing really wrong with leaving that out in those instructions. However, only Tomcat's Web site gives instructions <http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Installing%20a%20Certificate%20from%20a%20Certificate%20Authority> for installing a properly signed certificate. Tomcat's documentation <http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html#Edit%20the%20Tomcat%20Configuration%20File> details how to point Tomcat at a specific keystore, too.

It is appropriate, IMHO, for the Tomcat site, rather than the CAS site, to have more exhaustive documentation on this topic. What I would like to suggest to Scott is to add a link to Tomcat's documentation site from the Solving SSL Issues <http://www.ja-sig.org/products/cas/server/ssl/index.html> page on the CAS Web site.

Adam

Satish Kumar T wrote:

Hi Adam,

Thanks a lot for the help. Your solution worked. I copied the .keystore file to the C:\Documents and Settings \local system account and restarted all the tomcats. I was able to access the portal without any problem.

BTW: Could you please let me know how the .keystore file got created in my user account without my specifically creating it here? I only remember following the directions for generating a certificate, exporting it to a file and then importing it into the cacerts file.

Thanks for your help

Satish

_____

From: Adam Rybicki [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 30, 2007 10:37 AM
To: [EMAIL PROTECTED]; Yale CAS mailing list
Subject: Re: Problem with CAS run as a windows service

Satish,

This appears to have something to do with the user account in the context of which the Tomcats are running. At first I thought that it may be a user-specific JAVA_HOME, but now I think it's something else.

My Tomcat is not explicitly configured where to get its SSL certificate. So, it tries to get it from the default keystore locations. The default one on Windows is in %HOME%\.keystore. The HOME environment variable is user-specific. On my system, the local system account appears to have its HOME directory in C:\Documents and Settings\LocalService. So, here is something you could try quickly:

1. Shut down all Tomcats
2. Copy %HOME%\.keystore to C:\Documents and Settings\LocalService (or whatever directory is HOME for the local system account)
3. Start all Tomcats as services
4. Try accessing the portal again

Adam

Satish Kumar T wrote:

Hi All,

I am encountering a problem when I attempt to run the tomcat service containing the CAS application as a windows service. Here is the scenario.

1. I have Liferay portal, CAS application and an application running on 3 tomcat servers.
2. I have configured the portal and the application to use SSO.
3. If each of the tomcat servers is started from the command prompt using "catalina run", I am able to successfully access the SSO page, the Liferay portal and the application defined as a portlet.
4. I attempted to install each of them as a service on windows using "service install".
5. If I do that and try to access the portal then I get the following error message:

    There is a problem with this website's security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    The security certificate presented by this website has expired or is not yet valid.
    The security certificate presented by this website was issued for a different website's address.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
    We recommend that you close this webpage and do not continue to this website.
    Click here to close this webpage.
    Continue to this website (not recommended). <http://mace.avexus.com/c/portal/login>
    More information

a. Subsequently I click on the URL that says "Continue to this website (not recommended)" <http://mace.avexus.com/c/portal/login>. I can access the SSO page where I enter the userid and password.

b. After I click on the Login button there is no display or error message on the page and the following shows up in the log file of the Liferay portal application:

    02:24:24,672 ERROR [CASReceipt:55] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]
    02:24:24,688 ERROR [CASFilter:380] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]
    02:24:24,688 ERROR [CASFilter:101] javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]
    javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://mace.avexus.com:8443/cas-web/proxyValidate] ticket=[ST-1-Wnm5wy0jkgxZEDHRt5TvNzDJ1ATxaJlmAJg-20] service=[http%3A%2F%2Fmace.avexus.com%3A8879%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:93)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:123)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)

c. I then stopped the CAS windows service and started it from the command prompt using "catalina run".

d. I was able to successfully access the SSO, Liferay and the application without any problem.

e. I installed the certificate in the cacerts file stored in the C:\Program Files\Java\jdk1.5.0_09\jre\lib\security.

f. The JAVA_HOME points to C:\Program Files\Java\jdk1.5.0_09\. This is true when I run the tomcat service as a windows service as well as from the command prompt.

Could you please let me know the specific requirements for CAS if it needs to be run as a windows service?

Please let me know if you need any further information from me.

Thanks a lot in advance and I really appreciate your time.

Regards
Satish

_____

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
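
The fix discussed in this thread, pointing Tomcat at a specific keystore so the certificate no longer depends on which Windows account runs the service, looks like this in a Tomcat 5.5 server.xml. This is an added example, not part of the original messages; the keystore path and password are assumed placeholder values, while port 8443 and the alias "tomcat" come from the thread.

```xml
<!-- Before: no keystoreFile attribute. Tomcat falls back to a file named
     .keystore in the home directory of the account running the JVM, so the
     same install serves a different (or no) certificate when started as a
     Windows service instead of from a user's command prompt. -->
<Connector port="8443" maxThreads="150"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

<!-- After: explicit keystore, independent of the service account.
     The path and password below are placeholders (assumptions). Keep the
     file outside any user profile and restrict its ACL to the account the
     service runs as, since it holds the server's private key. -->
<Connector port="8443" maxThreads="150"
           scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="C:/tomcat-cas/conf/cas.keystore"
           keystorePass="changeit"
           keyAlias="tomcat" />
```

Only one of the two Connector elements belongs in a real server.xml; they are shown together here for comparison.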
