Laura,

It appears that Tomcat is having issues with the SSL certificate used by your OpenLDAP server; i.e. it does not trust it. I am having trouble accessing the URL you specified within your email (http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=10649670). If you are handling SSL certificates with keystores, then you will need to add the LDAP server's SSL certificate to your keystore.

A-

On 8/26/08 6:45 AM, "Laura QCaballero" <[EMAIL PROTECTED]> wrote:

> Hi,
> I'm new to CAS and certificates.
> I wish I could explain myself... sorry for my poor English.
> I'm deploying CAS with Tomcat (5.5) and SSL.
> First I used my own LDAP (OpenLDAP) with my own users, all in localhost. I
> created the certificates as here
> http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=10649670
> and everything worked great. I could log in my users.
> Now I want to do the same, but with an external LDAP. I can see the CAS login
> page, but when I try to log in a user, I get an exception:
> "sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target"
>
> My deployerConfigContext is:
>
> ldaps://XXX.XXX.XX.XX:636/
>
> Can I use an IP address there instead of the LDAP server name?
>
> I don't know if I have to create a certificate for that existing external LDAP
> (not in localhost), or make a request somewhere to get it. I'm very new to
> this, sorry.
>
> Could anyone help me?
> Thanks!
>
> The exception I mentioned above is the following:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
>     at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
>     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
>     at sun.security.validator.Validator.validate(Validator.java:203)
>     at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
>     at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
>     at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
>     at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
>     at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:622)
>     at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
>     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
>     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
>     at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390)
>     at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334)
>     at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192)
>     at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637)
>     at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
>     at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
>     at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
>     at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66)
>     at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
>     at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
>     at javax.naming.InitialContext.init(InitialContext.java:223)
>     at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134)
>     at org.springframework.ldap.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:59)
>     at org.springframework.ldap.support.AbstractContextSource.createContext(AbstractContextSource.java:193)
>     at org.springframework.ldap.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:104)
>     at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:263)
>     at org.springframework.ldap.LdapTemplate.search(LdapTemplate.java:314)
>     at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUsernamePasswordInternal(BindLdapAuthenticationHandler.java:67)
>     at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthenticationHandler.doAuthentication(AbstractUsernamePasswordAuthenticationHandler.java:56)
>     at org.jasig.cas.authentication.handler.support.AbstractPreAndPostProcessingAuthenticationHandler.authenticate(AbstractPreAndPostProcessingAuthenticationHandler.java:58)
>     at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:84)
>     at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(CentralAuthenticationServiceImpl.java:383)
>     at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaFormAction.java:107)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:585)
>     at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethodInvoker.java:103)
>     at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:136)
>     at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.java:203)
>     at org.springframework.webflow.engine.AnnotatedAction.execute(AnnotatedAction.java:142)
>     at org.springframework.webflow.engine.ActionExecutor.execute(ActionExecutor.java:61)
>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:180)
>     at org.springframework.webflow.engine.State.enter(State.java:200)
>     at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>     at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>     at org.springframework.webflow.engine.ActionState.doEnter(ActionState.java:185)
>     at org.springframework.webflow.engine.State.enter(State.java:200)
>     at org.springframework.webflow.engine.Transition.execute(Transition.java:229)
>     at org.springframework.webflow.engine.TransitionableState.onEvent(TransitionableState.java:112)
>     at org.springframework.webflow.engine.Flow.onEvent(Flow.java:572)
>     at org.springframework.webflow.engine.impl.RequestControlContextImpl.signalEvent(RequestControlContextImpl.java:208)
>     at org.springframework.webflow.engine.impl.FlowExecutionImpl.signalEvent(FlowExecutionImpl.java:214)
>     at org.springframework.webflow.executor.FlowExecutorImpl.resume(FlowExecutorImpl.java:245)
>     at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRequest(FlowRequestHandler.java:115)
>     at org.springframework.webflow.executor.mvc.FlowController.handleRequestInternal(FlowController.java:172)
>     at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
>     at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:857)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:792)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:475)
>     at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:440)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
>     at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
>     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>     at java.lang.Thread.run(Thread.java:595)
> _______________________________________________
> Yale CAS mailing list
> [email protected]
> http://tp.its.yale.edu/mailman/listinfo/cas
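
The reply above attributes the exception to the Tomcat JVM not trusting the LDAP server's certificate. The following is an added example, not code from this thread or from CAS: it runs the same trust-manager check that appears in the stack trace against a truststore file, so the failure can be reproduced and a fix confirmed outside Tomcat. The class name, the three arguments and the "ECDHE_RSA" label are assumptions, and it needs Java 7 or later.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.util.Collection;
import javax.net.ssl.*;

// Added example (hypothetical class name), not CAS or Tomcat code.
public class LdapTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: LdapTrustCheck <ldap-chain.pem> <truststore> <password>");
            System.exit(2);
        }
        // PEM file with the LDAP server's certificate first, then any intermediates.
        Collection<? extends Certificate> certs;
        try (InputStream in = new FileInputStream(args[0])) {
            certs = CertificateFactory.getInstance("X.509").generateCertificates(in);
        }
        X509Certificate[] chain = certs.toArray(new X509Certificate[0]);
        if (chain.length == 0) throw new CertificateException("no certificates in " + args[0]);

        // Fingerprint to confirm with the LDAP administrator before trusting the certificate.
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded())) {
            fp.append(String.format("%02X", b));
        }
        System.out.println("subject: " + chain[0].getSubjectX500Principal());
        System.out.println("sha256:  " + fp);

        // The truststore the Tomcat JVM reads (its cacerts file, or the file
        // named by the javax.net.ssl.trustStore system property).
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[1])) {
            ks.load(in, args[2].toCharArray());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            try {
                // "ECDHE_RSA" is an assumed key-exchange label; it selects the key-usage check.
                ((X509TrustManager) tm).checkServerTrusted(chain, "ECDHE_RSA");
                System.out.println("TRUSTED by " + args[1]);
            } catch (CertificateException e) {
                System.out.println("NOT TRUSTED: " + e.getMessage());
                System.exit(1);
            }
        }
    }
}
```

Once the printed fingerprint has been confirmed with the LDAP administrator, importing the certificate with `keytool -importcert -alias <alias> -file <ldap-chain.pem> -keystore <truststore>` and rerunning the check should report TRUSTED.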
