You would be right.
I used the following code to demonstrate that the java on the CAS server
could not access my callback url:
import java.net.*;
import java.io.*;
public class URLDemo
{
public static void main(String args[]) throws Exception
{
try
{
// Check to see that a command parameter was entered
if (args.length != 1)
{
// Print message, pause, then exit
System.err.println ("Invalid command parameters - press any
key");
System.in.read();
System.exit(0);
}
// Create an URL instance
URL url = new URL(args[0]);
// Get an input stream for reading
InputStream in = url.openStream();
// Create a buffered input stream for efficency
//BufferedInputStream bufIn = new BufferedInputStream(in);
BufferedReader r = new BufferedReader(new
InputStreamReader(in));
String s = "";
int count = 1;
// Repeat until end of file
while ( (s = r.readLine()) != null) {
System.out.println( count + ": " + s);
count++;
}
}
catch (MalformedURLException mue)
{
System.err.println ("Invalid URL");
}
catch (IOException ioe)
{
System.err.println ("I/O Error - " + ioe);
}
}
}
[EMAIL PROTECTED] ~]# java URLDemo
"https://my.server.com/YaleClient/CasProxyServlet?pgtId=1&pgtIou=2"
I/O Error - javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
Then I grabbed our company CA cert and added it to the JVM keystore and now
all is well.
[EMAIL PROTECTED] certs]# keytool -importcert -file
/etc/pki/tls/certs/trimble.crt -keypass changeit -keystore
/usr/java/jdk1.6.0_03/jre/lib/security/cacerts -storetype jks -storepass
changeit
scott_battaglia wrote:
>
> Dale,
>
> If you're using a non-commercial CA, then you will need to add it to the
> CAS
> Server JVM's cacerts file.
>
> -Scott
>
--
View this message in context:
http://www.nabble.com/Problem-with-proxyValidate-tf4838600.html#a13847536
Sent from the CAS Users mailing list archive at Nabble.com.
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas