Foren

  1. Startseite
  2. Development
  3. CAS Problem

CAS Problem

thumbnail
Simone Zaninello, geändert vor 15 Jahren.

CAS Problem

New Member Beiträge: 12 Beitrittsdatum: 05.11.07 Neueste Beiträge
Hi,
I'm using Liferay Portal 4.3.6 with CAS login deployed on tomcat 5.5.
When I post the credentials from CAS login page com.liferay.portal.servlet.filters.sso.cas.CASFilter throw follow exception when try to validate the ticket:

09:38:05,725 ERROR [CASReceipt:55] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-web/proxyValidate] ticket=[ST-2-gC3PUrIov3aQmjtLOq5azxJxKWLA4Gqxfbj-20] service=[http%3A%2F%2Flocalhost%3A9040%2Fc%2Fportal%2Flogin] renew=false]]]
09:38:05,726 ERROR [CASFilter:380] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-web/proxyValidate] ticket=[ST-2-gC3PUrIov3aQmjtLOq5azxJxKWLA4Gqxfbj-20] service=[http%3A%2F%2Flocalhost%3A9040%2Fc%2Fportal%2Flogin] renew=false]]]
09:38:05,727 ERROR [CASFilter:97] javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-web/proxyValidate] ticket=[ST-2-gC3PUrIov3aQmjtLOq5azxJxKWLA4Gqxfbj-20] service=[http%3A%2F%2Flocalhost%3A9040%2Fc%2Fportal%2Flogin] renew=false]]]
javax.servlet.ServletException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-web/proxyValidate] ticket=[ST-2-gC3PUrIov3aQmjtLOq5azxJxKWLA4Gqxfbj-20] service=[http%3A%2F%2Flocalhost%3A9040%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:142)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter(SessionIdFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)
09:38:05,733 ERROR [CASFilter:97] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-web/proxyValidate] ticket=[ST-2-gC3PUrIov3aQmjtLOq5azxJxKWLA4Gqxfbj-20] service=[http%3A%2F%2Flocalhost%3A9040%2Fc%2Fportal%2Flogin] renew=false]]]
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-web/proxyValidate] ticket=[ST-2-gC3PUrIov3aQmjtLOq5azxJxKWLA4Gqxfbj-20] service=[http%3A%2F%2Flocalhost%3A9040%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:142)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter(SessionIdFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        ... 24 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
        ... 38 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 43 more
09:38:05,739 ERROR [CASFilter:97] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:142)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter(SessionIdFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
        ... 38 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 43 more
09:38:05,741 ERROR [CASFilter:97] sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:142)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter(SessionIdFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 43 more
09:38:05,744 ERROR [CASFilter:97] sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:938)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:89)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFilter(VirtualHostFilter.java:142)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter(SessionIdFilter.java:85)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870)
        at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
        at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
        at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685)
        at java.lang.Thread.run(Thread.java:595)



I have configured my system following http://content.liferay.com/4.3/doc/installation/liferay_4_installation_guide/multipage/ch05s04.html

I don't understand where is the problem. Help me please.

Thanks in advance
Simone
Alvaro Manso, geändert vor 15 Jahren.

RE: CAS Problem

Junior Member Beiträge: 27 Beitrittsdatum: 29.02.08 Neueste Beiträge
There is a problem with your certificate.

Look at this exception:
"unable to find valid certification path to requested target"
You have to specify where are you storing the certificate, I think you have something wrong in your keystore.

I recomend you, to use CAS without SSL to test it, and once you see it working without SSL try to generate the certificates.
thumbnail
Jaime Israel Ramírez Hernández, geändert vor 15 Jahren.

RE: CAS Problema

Regular Member Beiträge: 115 Beitrittsdatum: 14.04.08 Neueste Beiträge
Hello!!!... I have the same problem... how can I use cas without ssl?.

Well.. in fact I'm using it without ssl (to install it I just downloaded it, configured ldap following this page but didn't configure anything of ssl), in my portal-ext.properties I have the following:

cas.auth.enabled=true
cas.login.url=http://10.254.61.52:8080/cas/login
cas.logout.url=http://10.254.61.52:8080/cas/logout
cas.validate.url=https://10.254.61.52:8443/cas/proxyValidate
cas.service.url=http://localhost:8080/c/portal/login

the cas.validate.url propertie says https because it doesn't allow me to put a http address. Is it related to the problem?.

Thanks!!!!
Alvaro Manso, geändert vor 15 Jahren.

RE: CAS Problema

Junior Member Beiträge: 27 Beitrittsdatum: 29.02.08 Neueste Beiträge
Jaime Israel Ramírez Hernández:
Hello!!!... I have the same problem... how can I use cas without ssl?.

Well.. in fact I'm using it without ssl (to install it I just downloaded it, configured ldap following this page but didn't configure anything of ssl), in my portal-ext.properties I have the following:

cas.auth.enabled=true
cas.login.url=http://10.254.61.52:8080/cas/login
cas.logout.url=http://10.254.61.52:8080/cas/logout
cas.validate.url=https://10.254.61.52:8443/cas/proxyValidate
cas.service.url=http://localhost:8080/c/portal/login

the cas.validate.url propertie says https because it doesn't allow me to put a http address. Is it related to the problem?.

Thanks!!!!


You can use CAS without SSL, this option is not mandatory.
Anyway you can generate a certificate in your machine, it is not a very complex task and it is described in the liferay wiki.
thumbnail
Jaime Israel Ramírez Hernández, geändert vor 15 Jahren.

RE: CAS Problem

Regular Member Beiträge: 115 Beitrittsdatum: 14.04.08 Neueste Beiträge
Thanks Alvaro, I generated the ssl certificate following the liferay wiki (using the root user) but I'm still getting the same error.

My tomcat's server.xml file is a bit different from the wiki's:

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
keystoreFile="/root/.keystore" keystorePass="changeit"
SSLCertificateFile="/root/server.cert" />

Is there any problemt with this configuration?, at tomcat's site there's and example that adds the SSLCertificationKeyFile="/usr/local/ssl/server.gem" attribute, is it necesary?, I don't know how to generate the KeyFile emoticon

Thank you very much for your help!!!
Alvaro Manso, geändert vor 15 Jahren.

RE: CAS Problem

Junior Member Beiträge: 27 Beitrittsdatum: 29.02.08 Neueste Beiträge
I also had a lot of problems with SSL, I know that it is very irritating, I really don't know how to help you, sometimes the path to the truestore file is wrong, sometimes the password is wrong, .... The only thing that is sure is that something in your configuration is wrong, but im afraid that you have to discover it by yourself.

This is my server.xml file

<Connector port="8443" maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keyAlias="xxxx"
algorithm="SunX509"
keystoreFile="/root/.keystore"
keystorePass="xxxxx"
truststoreFile="/opt/jdk1.6.0_02/jre/lib/security/cacerts"
truststorePass="changeit"
URIEncoding="UTF-8" />

AFAIK not all parameters are mandatory, some of them have default values, that means that if you don't specify a new value, it will take the default value.

I recommend you to look for help in the CAS mailing list, there are several messages about this problem.
If SSL is not requiered for you it is much easier don't use it.

You first step should be to have a CAS working standalone, once you have it try to integrate with liferay.

I'm sorry for can't help you more.

Regards
thumbnail
Jaime Israel Ramírez Hernández, geändert vor 15 Jahren.

RE: CAS Problem

Regular Member Beiträge: 115 Beitrittsdatum: 14.04.08 Neueste Beiträge
Hello Alvaro:

Thank you very much for your help!!!, I managed to make it work by followig the instructions of this forum.

What was happening is that my java didn't turst the certificate because it wasn't signed by an external entity (like verisign), I just added the certivicate to the cacert.

The next step is to authenticate our java applications with cas (I guess it's using the cas client jar file), we have also non java applications, do you know if is it possible to authenticate them with cas?.

Thanks!!!!
Alvaro Manso, geändert vor 15 Jahren.

RE: CAS Problem

Junior Member Beiträge: 27 Beitrittsdatum: 29.02.08 Neueste Beiträge
AFAIK it is possible to authenticate non java applications with CAS?
I have read some post in the cas mailing list about authenticate .NET applications, but I do not have details of the configuration of these applications.
thumbnail
JR Houn, geändert vor 15 Jahren.

Thread Moved

Expert Beiträge: 488 Beitrittsdatum: 19.11.07 Neueste Beiträge
Thread moved: Portal Framework.
-jr
thumbnail
Nidhi Singh, geändert vor 14 Jahren.

RE: CAS Problem

Regular Member Beiträge: 155 Beitrittsdatum: 07.10.09 Neueste Beiträge
Hi,

check this blog blog

Thanks
Nidhi Singh
Lam Le, geändert vor 10 Jahren.

RE: CAS Problem

New Member Beiträge: 10 Beitrittsdatum: 16.06.09 Neueste Beiträge
Hi,

CAS allows ONLY verified certificate file from the client in order to establish SSO. So after generating server.cert you have to give it to an authorization organization (eg www.verisign.com) to authorize your address, and then use the crt file they return to import using keytool.

BR,Lam