I've been working in a test system trying to get a self-signed
certificate applied to both cas and uportal and have a couple
questions. Since this overlaps both cas and uportal, I'm posting to
both forums.
1) Can the certificate be applied at the apache level or does it have
to be applied on the tomcat level? (I've been trying to make it work
with apache...and have been receiving the error posted below)
2) Once the ssl works, do I simply remove the
BROKEN_SECURITY_ALLOW_NON_SSL init parameter from the uportal web.xml?
------------------------------------------------------
exception
javax.servlet.ServletException:
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator BROKEN SECURITY
MODE SUITABLE ONLY FOR DEMO PURPOSES
casValidateUrl=[
https://portap3/cas/serviceValidate]
proxyCallbackUrl=[
https://portap3/CasProxyServlet]
ticket=[ST-1-cAFdfHIiYkx1y1DY6gna-cas]
service=[https%3A%2F%2Fportap3%2FLogin] renew=false]]]
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:345)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator BROKEN SECURITY
MODE SUITABLE ONLY FOR DEMO PURPOSES
casValidateUrl=[
https://portap3/cas/serviceValidate]
proxyCallbackUrl=[
https://portap3/CasProxyServlet]
ticket=[ST-1-cAFdfHIiYkx1y1DY6gna-cas]
service=[https%3A%2F%2Fportap3%2FLogin] renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:54)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)
root cause
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1049)
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl.getInputStream(HttpsURLConnectionOldImpl.java:204)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:91)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:218)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:393)
edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:342)
--
Curtis Garman
Web Programmer
Heartland Community College
---
You are currently subscribed to
[hidden email] as:
[hidden email]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/uportal-user
