I am trying to integrate and existing JBOSS application with the CAS client. I changed the we.xml as shown in java cas client instructions and added the jar file (casclient-2.1.1.jar ) in lib directory of the web-inf directory.
As expected, upon accessing the app for the first time, user gets navigated to the CAS server that was installed on a Tomcat. When the CAS validates the user, and send the request back to JBOSS, exception is being thrown by CAS as follows. 11:19:41,105 INFO [STDOUT] 2008-01-07 11:19:41 ERROR tp.cas.client.CASReceipt - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[h ttps://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1/serviceValida te] ticket=[ST-13-qYbLWTpYMEcATIcSlPAO] service=[http%3A%2F%2Falx-dev-lap06.wwre.org %3A8080%2FMGS-Reporting%2Faction%2FreportingHome.do] renew=false]]] 11:19:41,105 INFO [STDOUT] 2008-01-07 11:19:41 ERROR cas.client.filter.CASFilter - edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to valida te ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl =[https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1/serviceVal idate] ticket=[ST-13-qYbLWTpYMEcATIcSlPAO] service=[http%3A%2F%2Falx-dev-lap06.wwre. org%3A8080%2FMGS-Reporting%2Faction%2FreportingHome.do] renew=false]]] 11:19:41,120 INFO [STDOUT] 2008-01-07 11:19:41 ERROR web].[localhost].[/MGS-Reporting].[action] - Servlet.service() for servlet action threw exception edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[ null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3. 1.1/serviceValidate] ticket =[ST-13-qYbLWTpYMEcATIcSlPAO] service=[http%3A%2F%2Falx-dev-lap06.wwre.org%3A8080%2FMGS-Reporting%2Fac tion%2FreportingHome.do] renew=false]]] at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52) at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilt er.java:455) at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilte r.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:178) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAs sociationValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator Base.java:432) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.j ava:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :105) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnecti onValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1 48) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:86 9) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.proc essConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint .java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorker Thread.java:112) at java.lang.Thread.run(Thread.java:595) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCert PathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518 ) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa ndshaker.java:848) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHands haker.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:4 33) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java :818) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSo cketImpl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. java:1057) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl. java:1041) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402 ) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Ab stractDelegateHttpsURLConnection.java:166) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnec tion.java:934) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsUR LConnectionImpl.java:234) at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicket Validator.java:212) at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) ... 22 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:1 45) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X50 9TrustManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSL ContextImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHa ndshaker.java:841) ... 36 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPat hBuilder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 41 more My web.xml is, <filter> <filter-name>CAS Filter</filter-name> <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name> <param-value>https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1 /login</param-value> </init-param> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name> <param-value>https://alx-dev-wrk04.wwre.org:8444/cas-server-webapp-3.1.1 /serviceValidate</param-value> </init-param> <init-param> <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name> <param-value>alx-dev-lap06.wwre.org:8080</param-value> </init-param> </filter> <filter-mapping> <filter-name>CAS Filter</filter-name> <url-pattern>/action/*</url-pattern> </filter-mapping> Any idea why I am getting the error here?? Is this something to do with SSL on the JBOSS side?? Thank a lot Srikar.
_______________________________________________ Yale CAS mailing list cas@tp.its.yale.edu http://tp.its.yale.edu/mailman/listinfo/cas
