Mounir Laaraj
CAS and Liferay integration
July 21, 2008 9:26 AM

Hi,

I am running 2 separate servers, one hosting my CAS server and another one hosting my Liferay portal.

CAS server name: quasimodo
Liferay Server: infonet

The CAS server is running and authenticating perfectly with LDAP; whenever I access it at https://quasimodo:8443/cas-web/login it logs me in successfully.

Now I tried to integrate CAS with liferay. So I did the following changes:

1- Updated the portal-ext.properties with the following
cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=https://quasimodo:8443/cas-web/login
cas.logout.url=https://quasimodo:8443/cas-web/logout
cas.service.url=http://infonet:8080/c/portal/login
cas.validate.url=https://quasimodo:8443/cas-web/proxyValidate

auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin

2- Added the line below to system-ext.properties
com.liferay.filters.sso.cas.CASFilter=true

3- Added the following tag to web.xml
<filter>
    <filter-name>CAS Filter</filter-name>
    <filter-class>com.liferay.portal.servlet.filters.sso.cas.CASFilter</filter-class>
</filter>

4- Also made sure to add the following dispatchers to all auto login filters
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>REQUEST</dispatcher>

5- Copied the following files to WEB-INF/lib:
cas-client-core-3.1.3.jar
commons-logging-1.1.jar
servlet-api-2.3.jar
xmlsec-1.3.0.jar

Now the problem I am facing is that whenever I try to log in to Liferay, I go through the Liferay home page http://infonet:8080/ and select login, then I get redirected to my CAS login. Once logged in, I get a blank page and the following error messages:
16:18:19,780 ERROR [CASReceipt:55] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
16:18:19,780 ERROR [CASFilter:380] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
16:18:19,795 ERROR [CASFilter:60] javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:93)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:98)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:149)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java:98)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter(SessionIdFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:595)
Caused by: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
        ... 22 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1584)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:877)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1089)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1116)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1100)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        ... 24 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
        ... 38 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 43 more
16:19:05,109 INFO  [PluginPackageUtil:1140] Reloading repositories

I am using Liferay 5.0.1 on Tomcat 6 with JDK 1.5.

Any help or assistance will be really appreciated since I am stuck and quite delayed because of these errors.

Thanks
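
Added example, not part of the original post and not Liferay or CAS client code: a Python triage helper that walks the "Caused by:" chain of a trace like the one above and extracts the validate URL and the decoded service URL from the CAS exception message. The function name `triage`, the verdict labels and the abridged sample trace are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample: the trace from the post above, abridged to one frame per exception.
SAMPLE_TRACE = """\
16:18:19,795 ERROR [CASFilter:60] javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
"""

CAUSE_RE = re.compile(r"^Caused by: ([\w.$]+)(?:: (.*))?$", re.M)
FIELD_RE = re.compile(r"\b(casValidateUrl|ticket|service)=\[([^\]]*)\]")


def triage(trace):
    """Summarise a failed CAS ticket validation from a portal stack trace."""
    fields = dict(FIELD_RE.findall(trace))
    causes = CAUSE_RE.findall(trace)  # outermost first, root cause last
    validate = urlsplit(fields.get("casValidateUrl", ""))
    service = unquote(fields.get("service", ""))
    # A TLS or PKIX exception anywhere in the chain means the portal's HTTPS
    # call to casValidateUrl failed during the handshake.
    tls = any(cls.startswith("javax.net.ssl.") or "PKIX path building failed" in msg
              for cls, msg in causes)
    return {
        "verdict": "tls_trust" if tls else "unclassified",
        "root_cause": causes[-1][0] if causes else None,
        "validate_host": validate.netloc,
        "validate_is_https": validate.scheme == "https",
        "service_url": service,
        "service_is_https": urlsplit(service).scheme == "https",
        # Log only the ticket prefix; the full value is a credential while valid.
        "ticket_prefix": fields.get("ticket", "")[:5],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

For this trace the verdict is `tls_trust`: the portal JVM could not build a certification path to the certificate presented by quasimodo:8443, so the call to the validate URL failed in the TLS handshake. `service_is_https` is False because the service URL that receives the ticket is plain HTTP.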
JR Houn
Thread Moved
July 21, 2008 9:38 AM
LIFERAY STAFF


Thread moved: Portal Framework.
-jr
Mounir Laaraj
CAS and Liferay integration
July 21, 2008 1:13 PM

Hi again,

Now I resolved the issue I had previously by following the steps listed in http://osdir.com/ml/java.jasig.cas.user/2007-05/msg00269.html and it worked fine. The only issue I am getting now is that whenever I log in, it redirects me to a page that says "Please contact the administrator because you do not have any pages configured." and the logs show the following error:
20:00:58,848 ERROR [SerializableSessionAttributeListener:52] edu.yale.its.tp.cas.client.CASReceipt is not serializable and will prevent this session from being replicated
Any assistance will be much appreciated
Scott Murray
RE: CAS and Liferay integration
October 3, 2008 7:58 AM

Mounir Laaraj:
Hi again,

Now I resolved the issue I had previously by following the steps listed in http://osdir.com/ml/java.jasig.cas.user/2007-05/msg00269.html and it worked fine. The only issue I am getting now is that whenever I log in, it redirects me to a page that says "Please contact the administrator because you do not have any pages configured." and the logs show the following error:
20:00:58,848 ERROR [SerializableSessionAttributeListener:52] edu.yale.its.tp.cas.client.CASReceipt is not serializable and will prevent this session from being replicated
Any assistance will be much appreciated


Hi Mounir,

I am having this exact same problem. Were you ever able to figure out a solution?