Dear QingZhao,

You may have forgotten to set the right keyAlias attribute (i.e. keyAlias="tscmsso2") in your server.xml <Connector> element.

regards,
Jack

qingzhao zheng wrote:
> Hi,
> I deploy cas server and cas client on two machines, and when I visit
> the HelloWorldExample, it redirects to the login page.
> After I enter the name/password, it returns to the HelloWorldExample
> page with the ticket, but throws an exception.
>
> exception
> javax.servlet.ServletException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:254)
>     edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:184)
>     filters.ExampleFilter.doFilter(ExampleFilter.java:102)
>
> root cause
> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>
> The situation is:
> cas server is on machine1 (computer name: qing), cas server is under
> tomcat5/webapps.
> I make the certificate like this:
>
> keytool -genkey -keyalg RSA -alias tcmsso2 -dname "cn=qing" -keystore tcmserver2.keystore -storepass changeit
> keytool -export -alias tcmsso2 -keystore tcmserver2.keystore -file C:/jre1.5.0_07/lib/security/tcmsso2.crt -storepass changeit
> keytool -import -alias tcmsso2 -file C:/jre1.5.0_07/lib/security/tcmsso2.crt -keystore C:/jre1.5.0_07/lib/security/cacerts -storepass changeit
>
> I config machine1's tomcat like this:
>
> <Connector protocol="org.apache.coyote.http11.Http11Protocol"
>            port="8443" minSpareThreads="5" maxSpareThreads="75"
>            enableLookups="false" disableUploadTimeout="true"
>            acceptCount="100" maxThreads="200"
>            scheme="https" secure="true" SSLEnabled="true"
>            keystoreFile="/tcmserver2.keystore" keystorePass="changeit"
>            truststoreFile="C:/jre1.5.0_07/lib/security/cacerts"
>            clientAuth="false" sslProtocol="TLS"/>
>
> cas client is on machine2 (computer name: wjj), cas client is under
> tomcat5/webapps.
> I put cas-client.jar under webapps/servlets-examples/WEB-INF/lib and
> config the web.xml as such:
>
> <filter>
>   <filter-name>CAS Filter</filter-name>
>   <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
>   <init-param>
>     <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
>     <param-value>https://qing:8443/cas/login</param-value>
>   </init-param>
>   <init-param>
>     <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
>     <param-value>https://qing:8443/cas/serviceValidate</param-value>
>   </init-param>
>   <init-param>
>     <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
>     <param-value>wjj:8888</param-value>
>   </init-param>
> </filter>
>
> and import the server's certificate:
>
> keytool -import -alias tcmsso2 -file C:/jre1.5.0_07/lib/security/tcmsso2.crt -keystore C:/jre1.5.0_07/lib/security/cacerts -storepass changeit
>
> Both machines run Windows XP; since cas does not support ip,
> I add 10.214.33.211 qing to the C:\WINDOWS\system32\drivers\etc\hosts
> on machine1
> and add 10.214.33.211 qing 10.214.33.156 wjj to the
> C:\WINDOWS\system32\drivers\etc\hosts on machine2.
> Strangely, if the cas server and cas client are on the same machine,
> they work well.
> Is there something wrong?
> Thanks for your help,
> qingzhao
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
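Added example, not part of the original thread and not CAS or Tomcat code: a small diagnostic to run on the client machine (wjj) with the same JRE that Tomcat uses. It records the certificate that qing:8443 actually presents, refuses the connection, and reports whether that exact certificate is in the JRE's cacerts. The class names CheckCasTrust and Recorder are hypothetical; it assumes a self-signed certificate as produced by the keytool -genkey command in the post, the default cacerts location, and the changeit password.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

public class CheckCasTrust {
    // Records the chain the server presents, then rejects it so the handshake never completes.
    static class Recorder implements X509TrustManager {
        X509Certificate[] chain;
        public void checkServerTrusted(X509Certificate[] c, String authType) throws CertificateException {
            chain = c;
            throw new CertificateException("chain recorded; connection intentionally refused");
        }
        public void checkClientTrusted(X509Certificate[] c, String authType) throws CertificateException {
            throw new CertificateException("not used");
        }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "qing";   // CAS server name from the thread
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;
        // Assumption: the client Tomcat uses this JRE's default truststore.
        String storePath = System.getProperty("java.home") + "/lib/security/cacerts";
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(storePath);
        try { trust.load(in, "changeit".toCharArray()); } finally { in.close(); }

        Recorder rec = new Recorder();
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { rec }, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try { s.startHandshake(); } catch (SSLException expected) { /* Recorder refused the chain */ }
        finally { s.close(); }
        if (rec.chain == null) { System.out.println("no certificate received"); return; }

        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        for (X509Certificate cert : rec.chain) {
            StringBuilder fp = new StringBuilder();
            for (byte b : sha.digest(cert.getEncoded())) fp.append(String.format("%02X", b));
            String alias = trust.getCertificateAlias(cert);  // null when this exact cert is absent
            System.out.println(cert.getSubjectX500Principal().getName()
                + "\n  SHA-256 " + fp + "\n  truststore alias: " + (alias == null ? "NOT PRESENT" : alias));
        }
    }
}
```

If the output shows NOT PRESENT, the certificate served by the Connector is not the one imported into the client's cacerts, which is the condition that produces the PKIX path building failure quoted above.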
