I took a look at debug mode, and I realized a strange thing. Now the system
is under testing (as you may recognized it) and I'm using a test certificate
generated with
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA
I configured the tomcat SSL connector:
<Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true"
acceptCount="100" maxThreads="200"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass="xxxxxx"
clientAuth="false" sslProtocol="TLS"
/>
It seems that the tomcat, which runs the application does not recognize and
accept the certificate, which is served by itself. How can I make tomcat
accept its certificate?
Regards,
Sandor Nemeth
On Fri, Aug 15, 2008 at 11:29 PM, Scott Battaglia <[EMAIL PROTECTED]
> wrote:
> 2008-08-15 22:09:07,922 ERROR [org.jasig.cas.client.
> validation.Cas20ServiceTicketValidator] - <java.net.ConnectException:
> Connection refused>
> java.net.ConnectException: Connection refused
>
> My guess is there may be a typo in one of the urls in the cas.properties
> file. Otherwise there's a url accidentally hard-coded in the
> securityContext.xml that we somehow missed.
>
> -Scott
>
> -Scott Battaglia
> PGP Public Key Id: 0x383733AA
> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>
>
> On Fri, Aug 15, 2008 at 5:20 PM, Sandor Nemeth <
> [EMAIL PROTECTED]> wrote:
>
>> Ok, thanks, I understand now, how this works, but I can not get it to
>> work.
>>
>> I get this error message:
>> You are not authorized to use this application for the following reason: ;
>> nested exception is
>> org.jasig.cas.client.validation.TicketValidationException: The CAS server
>> returned no response..
>>
>> I get this exception:
>> 2008-08-15 22:09:07,922 ERROR
>> [org.jasig.cas.client.validation.Cas20ServiceTicketValidator] -
>> <java.net.ConnectException: Connection refused>
>> java.net.ConnectException: Connection refused
>>
>> According to logs, I have authenticated to the CAS service. I have this
>> login name in the InMemoryDaoImpl, I've changed the URL-s in cas.properties,
>> as the Wiki's Configuration page describes.
>>
>> Regards,
>> Sandor Nemeth
>>
>>
>> On Fri, Aug 15, 2008 at 10:38 PM, Scott Battaglia <
>> [EMAIL PROTECTED]> wrote:
>>
>>> If you're using CAS to authenticate to the services management tool, all
>>> it can find is what's in your LDAP server. The InMemoryDaoImpl merely lists
>>> the users and roles that have access to the Services Management tool.
>>> Putting a password in the InMemoryDaoImpl is meaningless if you're using CAS
>>> to authenticate. Likewise, putting a username there that doesn't exist in
>>> LDAP won't help you since LDAP will never find that username.
>>>
>>> -Scott
>>>
>>> -Scott Battaglia
>>> PGP Public Key Id: 0x383733AA
>>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>>
>>>
>>>
>>> On Fri, Aug 15, 2008 at 4:29 PM, Sandor Nemeth <
>>> [EMAIL PROTECTED]> wrote:
>>>
>>>> I banged my head around too, but this version change did solve my
>>>> problem. But I should suggest you to add the following to the dependencies
>>>> if you want to use a not-hsqldb solution for storing services:
>>>>
>>>> <dependency>
>>>> <groupId>org.springframework</groupId>
>>>> <artifactId>spring-jdbc</artifactId>
>>>> <version>${spring.version}</version>
>>>> </dependency>
>>>>
>>>> I had a lot of trouble with it :)
>>>>
>>>> And I'll submit a bug to JIRA because there is a simple escaping error
>>>> in one of the JSP files, and my tomcat (6.0) is shouting for it.
>>>>
>>>> One more question.
>>>> I was trying to get the service management work. I followed the
>>>> tutorial, and modified the deployerConfigContext.xml:
>>>> <bean id="userDetailsService"
>>>> class="org.springframework.security.userdetails.memory.InMemoryDaoImpl">
>>>> <property name="userMap">
>>>> <value>
>>>> cas-admin=xxxxxx,ROLE_ADMIN
>>>> </value>
>>>> </property>
>>>> </bean>
>>>>
>>>> but as I try to authenticate, it fails as the
>>>> BindLdapAuthenticationHandler can not find this username and password.
>>>> Do I have to sign in elsewhere, or did I again miss something in the
>>>> configuration? :S
>>>>
>>>> Regards,
>>>> Sandor Nemeth
>>>>
>>>> On Fri, Aug 15, 2008 at 6:11 PM, <[EMAIL PROTECTED]> wrote:
>>>>
>>>>>
>>>>> I just finished banging my head against something very similar. I was
>>>>> ending up with both the 2.0.7 *and* 2.5.5 jars in my war & getting 'no
>>>>> such method' exceptions. Try running: mvn clean. Then do your build.
>>>>>
>>>>> Also, Scott shared in a Jira task that there's a difference in the way
>>>>> dependencies are handled between Maven 2.0.9 and 2.0.8 (presumably
>>>>> anything
>>>>> below?) So you might want to make sure you have the very latest Maven too.
>>>>>
>>>>>
>>>>> Thanks,
>>>>> Ann
>>>>>
>>>>> ------
>>>>> G. Ann Campbell
>>>>> Systems Engineer
>>>>> Shaw Industries
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *"Sandor Nemeth" <[EMAIL PROTECTED]>*
>>>>> Sent by: [EMAIL PROTECTED]
>>>>>
>>>>> 08/15/2008 11:45 AM
>>>>> Please respond to
>>>>> Yale CAS mailing list <[email protected]>
>>>>>
>>>>> To
>>>>> "Yale CAS mailing list" <[email protected]>
>>>>> cc
>>>>>
>>>>> Subject
>>>>> CAS 3.3 Final dependencies error
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Hi again,
>>>>>
>>>>> I faced a new problem here. I thought I just simply make a new build
>>>>> with 3.3 sources, with the same config I built *3.2.1.1*<http://3.2.1.1/>
>>>>> , but it looks like some dependencies are wrong. I took a look at the
>>>>> pom.xml files, but <spring-version> shows me the correct 2.5.5 version.
>>>>> But
>>>>> M2 downloads spring-core v2.0.7 and spring-beans v2.0.7.
>>>>>
>>>>>
>>>>> So there are some missing classes appearing at deploy:
>>>>> org.springframework.beans.PropertyAccessorFactory
>>>>> org.springframework.core.SmartClassLoader
>>>>>
>>>>> Did I miss something at the configuration?
>>>>>
>>>>> I could download the correct jars from the m2 repository ( I'll give it
>>>>> a try, and I think it will work with the v2.5.5 jars) but I think you
>>>>> should
>>>>> be aware of it, if others will experience this problem.
>>>>>
>>>>> Regards,
>>>>> Sandor Nemeth_______________________________________________
>>>>> Yale CAS mailing list
>>>>> [email protected]
>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>
>>>>> **********************************************************
>>>>> Privileged and/or confidential information may be contained in this
>>>>> message. If you are not the addressee indicated in this message (or are
>>>>> not responsible for delivery of this message to that person) , you may
>>>>> not copy or deliver this message to anyone. In such case, you should
>>>>> destroy this message and notify the sender by reply e-mail.
>>>>>
>>>>>
>>>>> If you or your employer do not consent to Internet e-mail for messages of
>>>>> this kind, please advise the sender.
>>>>> Shaw Industries does not provide or endorse any opinions, conclusions or
>>>>> other information in this message that do not relate to the official
>>>>> business of the company or its subsidiaries.
>>>>>
>>>>>
>>>>> **********************************************************
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Yale CAS mailing list
>>>>> [email protected]
>>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Sandor Nemeth
>>>>
>>>> PHP Developer
>>>> mobile: +36 30 862 15 47
>>>> google talk: sandor.nemeth.1986 [at] gmail [dot] com
>>>> msn: praise [at] uw [dot] hu
>>>> skype: prez.nemeth
>>>> blog: http://phptools-alp.blogspot.com/
>>>>
>>>> _______________________________________________
>>>> Yale CAS mailing list
>>>> [email protected]
>>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>>
>>>>
>>>
>>> _______________________________________________
>>> Yale CAS mailing list
>>> [email protected]
>>> http://tp.its.yale.edu/mailman/listinfo/cas
>>>
>>>
>>
>>
>> --
>> Sandor Nemeth
>>
>> PHP Developer
>> mobile: +36 30 862 15 47
>> google talk: sandor.nemeth.1986 [at] gmail [dot] com
>> msn: praise [at] uw [dot] hu
>> skype: prez.nemeth
>> blog: http://phptools-alp.blogspot.com/
>>
>> _______________________________________________
>> Yale CAS mailing list
>> [email protected]
>> http://tp.its.yale.edu/mailman/listinfo/cas
>>
>>
>
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>
--
Sandor Nemeth
PHP Developer
mobile: +36 30 862 15 47
google talk: sandor.nemeth.1986 [at] gmail [dot] com
msn: praise [at] uw [dot] hu
skype: prez.nemeth
blog: http://phptools-alp.blogspot.com/
_______________________________________________
Yale CAS mailing list
[email protected]
http://tp.its.yale.edu/mailman/listinfo/cas
