You HAVE to use your host name. The certificates don't work with IP addresses. It's not a CAS issue. It's not a Spring Security issue. It's the way that Java ensures the validity of a connection.

-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Wed, Jul 16, 2008 at 4:07 PM, Graves,Brett <[EMAIL PROTECTED]> wrote:

> I'm working with CAS (server version 3.2) and spring-security (version
> 2.0.3 with cas-client-core 3.1.3) and I have everything working fine over
> http with both the server and my client app deployed on my local tomcat
> server. However, when I switched over to https I started getting the
> following exception when trying to log in:
>
> 2008-07-16 13:43:05,774 ERROR [AbstractCasProtocolUrlBasedTicketValidator.java:49] : java.io.IOException: HTTPS hostname wrong: should be <[my ip address]>
> java.io.IOException: HTTPS hostname wrong: should be <[my ip address]>
>     at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
>     at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:35)
>     at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
>     at org.springframework.security.providers.cas.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:145)
>     at org.springframework.security.providers.cas.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:131)
>     at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:195)
>
> Where [my ip address] was my actual IP address since that's what I was
> using for all the urls. In looking at the source, checkURLSpoofing fails
> when calling "hostnameverifier.verify(s, session)" and after debugging into
> it, the host name verifier being used was
> javax.net.ssl.HttpsURLConnection.DefaultHostnameVerifier which always just
> returns false. After more testing I found that if I change all the urls
> over to use my computer name instead of the IP address it all started
> working fine over http and https. Any idea why that would be the case? If
> it makes any difference I'm in the process of upgrading from acegisecurity
> to spring-security and I used to have a bunch of custom logic to allow for
> http traffic during testing/development, but I've removed most of that since
> it no longer seems necessary with the latest code.
>
> Thanks
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
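
The check behind the "HTTPS hostname wrong" error in this thread, as an added example that is not part of the original messages and not code from the JDK, CAS or Spring Security: a simplified model of the RFC 2818 identity match that HttpsURLConnection applies before it falls back to the HostnameVerifier. The class name, host name and IP address are constructed for illustration; matching is exact only (no wildcards) and the SAN data has the shape returned by X509Certificate.getSubjectAlternativeNames().

```java
import java.util.Collection;
import java.util.List;

// Added illustration (Java 9+): simplified model of the RFC 2818 identity
// check done for HTTPS connections. Exact match only; wildcards not handled.
public class HostnameCheckDemo {
    // GeneralName type codes used by X509Certificate.getSubjectAlternativeNames()
    static final int SAN_DNS_NAME = 2;
    static final int SAN_IP_ADDRESS = 7;

    // Crude IPv4/IPv6 literal test, sufficient for this demo.
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // sans: [type, value] pairs, may be null when the cert has no SAN extension.
    // cn: the certificate subject's common name.
    static boolean matches(String host, Collection<List<?>> sans, String cn) {
        boolean ip = isIpLiteral(host);
        int wanted = ip ? SAN_IP_ADDRESS : SAN_DNS_NAME;
        boolean sawDnsSan = false;
        if (sans != null) {
            for (List<?> entry : sans) {
                int type = (Integer) entry.get(0);
                if (type == SAN_DNS_NAME) sawDnsSan = true;
                if (type == wanted && host.equalsIgnoreCase(String.valueOf(entry.get(1)))) {
                    return true;
                }
            }
        }
        // An IP literal is never compared with the CN; a DNS name falls back
        // to the CN only when the certificate carries no dNSName entry.
        return !ip && !sawDnsSan && host.equalsIgnoreCase(cn);
    }

    public static void main(String[] args) {
        // Constructed sample data: hypothetical host name, documentation-range IP.
        String cn = "devbox.example.org";
        Collection<List<?>> noSan = null; // certificate that names the host only in its CN
        Collection<List<?>> withIp = List.<List<?>>of(
            List.<Object>of(SAN_DNS_NAME, "devbox.example.org"),
            List.<Object>of(SAN_IP_ADDRESS, "192.0.2.10"));

        System.out.println(matches("devbox.example.org", noSan, cn)); // host name URL, CN-only cert
        System.out.println(matches("192.0.2.10", noSan, cn));         // IP URL, CN-only cert
        System.out.println(matches("192.0.2.10", withIp, cn));        // IP URL, cert with iPAddress SAN
    }
}
```

Only the middle call is rejected, which is the situation in the thread: an IP address in the URL is matched against iPAddress SAN entries only, so the remedies are to use the name the certificate carries or to reissue the certificate with the address as an iPAddress SAN.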
