Re: Roller + CAS

Mon, 31 Mar 2008 10:14:02 -0700 

Hi,
I found the problem. The certificate I generated for the https connection, was wrong. I think it had the wrong server name. To find the problem I wrote a small HelloWorld servlet and got the exception Phillip mentioned. So I regenerated the certificate and now it works with roller and the HelloWorld servlet. 

Thanks for all answeres,

Jens



Am 31.03.2008 um 18:10 schrieb Phillip Rhodes:


Jens Greive wrote:

Hi,

I followed the instructions from this site http://cwiki.apache.org/confluence/display/ROLLER/Roller+4.0+with+LDAP+and+CAS 
 to integrate roller with CAS (http://www.ja-sig.org/products/ 
cas/). Now when I try to login into roller I am redirected to the  
CAS login page and can login there successfully. But after being  
redirected to roller, roller shows the message "Wrong User-Password- 
Combination". I searched the internet and found some reports from  
users who were experiencing the same problem. But nobody has posted  
a solution so far. Does anyone has an idea?





You're not testing with a self-signed certificate by any chance are  
you? If you are, you'll need to import the certificate you are using  
so that JSSE trust it.  If you don't, on the redirect back to Roller  
from CAS, when the CASProcessingFilter tries to validate the CAS  
ticket, it winds up blowing up with some crazy exception that looks  
like:




javax.net.ssl.SSLHandshakeException:  
sun.security.validator.ValidatorException: PKIX path building  
failed: sun.security.provider.certpath.SunCertPathBuilderException:  
unable to find valid certification path to requested target



Unfortunately this exception seems to be "swallowed" down in the  
bowels of the CAS processing so you never see it in the log. The  
only way

I found out this was happening to me was by stepping through
the code in the debugger.


Anyway, if this is the same problem you're getting, see this webpage  
for

details on how to load the certificate into your JRE so that it
will work.

<http://blogs.sun.com/andreas/entry/no_more_unable_to_find>


TTYL,


--
Phillip Rhodes
Chief Architect - OpenQabal
https://openqabal.dev.java.net
LinkedIn: http://www.linkedin.com/in/philliprhodes
























					Reply via email to