You would be right.

I used the following code to demonstrate that the Java on the CAS server
could not access my callback URL:

import java.net.*;
import java.io.*;

public class URLDemo
{
    public static void main(String args[]) throws Exception
    {
        try
        {
            // Check to see that a command parameter was entered
            if (args.length != 1)
            {
                 // Print message, pause, then exit
                 System.err.println ("Invalid command parameters - press any key");
                 System.in.read();
                 System.exit(0);
            }

            // Create an URL instance
            URL url = new URL(args[0]);

            // Get an input stream for reading
            InputStream in = url.openStream();

            // Create a buffered input stream for efficiency
            //BufferedInputStream bufIn = new BufferedInputStream(in);
            
            BufferedReader r = new BufferedReader(new InputStreamReader(in));

            String s = "";
            int count = 1;
            // Repeat until end of file
            while ( (s = r.readLine()) != null) {
                System.out.println( count + ": " + s);
                count++;
            }
        }
        catch (MalformedURLException mue)
        {
            System.err.println ("Invalid URL");
        }
        catch (IOException ioe)
        {
            System.err.println ("I/O Error - " + ioe);
        }
    }
}

[EMAIL PROTECTED] ~]# java URLDemo "https://my.server.com/YaleClient/CasProxyServlet?pgtId=1&pgtIou=2";
I/O Error - javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Then I grabbed our company CA cert and added it to the JVM keystore and now
all is well.

[EMAIL PROTECTED] certs]# keytool -importcert -file /etc/pki/tls/certs/trimble.crt -keypass changeit -keystore /usr/java/jdk1.6.0_03/jre/lib/security/cacerts -storetype jks -storepass changeit


scott_battaglia wrote:
> 
> Dale,
> 
> If you're using a non-commercial CA, then you will need to add it to the
> CAS Server JVM's cacerts file.
> 
> -Scott
> 

-- 
View this message in context: 
http://www.nabble.com/Problem-with-proxyValidate-tf4838600.html#a13847536
Sent from the CAS Users mailing list archive at Nabble.com.

_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
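
Added example, not part of the original message or of CAS: a variant of the URLDemo check above that trusts only the CA certificate in a given file, so you can confirm that a particular CA is the one missing from the trust path before importing it into the JVM-wide cacerts. The class name TrustCheck and the alias candidate-ca are hypothetical, and Java 7 or later is assumed for try-with-resources.

```java
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper: TLS handshake test that trusts only one CA file.
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustCheck <https-url> <ca-cert-file>");
            System.exit(2);
        }
        // In-memory trust store holding only the supplied CA (PEM or DER)
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        try (InputStream in = new BufferedInputStream(new FileInputStream(args[1]))) {
            Certificate ca = CertificateFactory.getInstance("X.509").generateCertificate(in);
            ks.setCertificateEntry("candidate-ca", ca);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // Hostname verification stays at the HttpsURLConnection default
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[0]).openConnection();
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        conn.setConnectTimeout(10000);
        conn.setReadTimeout(10000);
        try {
            conn.connect();
            for (Certificate c : conn.getServerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("subject=" + x.getSubjectX500Principal()
                    + " issuer=" + x.getIssuerX500Principal());
            }
            System.out.println("Handshake OK: chain validates against " + args[1]);
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed with this CA only: " + e.getMessage());
        } finally {
            conn.disconnect();
        }
    }
}
```

If the handshake still fails, the printed exception shows whether the cause is again a PKIX path failure (wrong or incomplete CA) or something else, such as a hostname mismatch.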
