Hello,

Created SSL certificate on the CAS 5.2 server system:
1] keytool -genkey -keyalg RSA -alias thekeystore -keystore thekeystore -storepass changeit -validity 360 -keysize 2048 -ext san=ip:192.168.07.111
2] keytool -export -alias thekeystore -keypass changeit -file cas.crt -keystore thekeystore -storepass changeit
3] keytool -import -file cas.crt -alias thekeystore -keypass changeit -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts -storepass changeit

Created SSL certificate on the Apache client system:
1] openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout client.key -out client.crt

How can I connect the CAS 5.2 server to the Apache client?

On the Apache client side, I am redirected to the CAS server login page, but after entering the username and password it shows an "Unauthorized" error page.

Which certificate do I need to pass from the server to the client /etc/ssl/certs path?

How can I connect the server and the client to each other?

Thanks and Regards
Arti
On Thursday, March 25, 2021 at 10:20:22 PM UTC+5:30 Ray Bon wrote:

> Arti,
>
> 'subject alternative name' is part of your SSL certificate.
> See https://apereo.github.io/cas/6.3.x/installation/Troubleshooting-Guide.html#no-subject-alternative-names
> for some troubleshooting.
>
> Ray
>
> On Thu, 2021-03-25 at 04:23 -0700, arti wavale wrote:
>
> Hello,
>
> I am facing the same issue, so can you tell me how you created the certificate and
> share your admusers.properties file?
>
> ISSUE:
> CAS is unable to process this request: "500:Internal Server Error"
>
> org.pac4j.core.exception.TechnicalException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: No subject alternative names present
>     at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:170)
>     at org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
>     at org.pac4j.springframework.web.SecurityInterceptor$$FastClassBySpringCGLIB$$efdcf9fe.invoke(<generated>)
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
>     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
>     at org.pac4j.springframework.web.SecurityInterceptor$$EnhancerBySpringCGLIB$$577bc7b.preHandle(<generated>)
>     at org.apereo.cas.config.CasSecurityContextConfiguration$CasAdminStatusInterceptor.preHandle(CasSecurityContextConfiguration.java:155)
>     at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>     at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:93)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
>     at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:61)
>     at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:92)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:110)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
>     at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>     at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:324)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:69)
>     at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: No subject alternative names present
>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:458)
>     at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>     at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>     at org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:62)
>     at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68)
>     at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37)
>     at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44)
>     at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:115)
>     ... 90 more
> Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names present
>     at sun.security.ssl.Alert.createSSLException(Alert.java:131)
>     at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
>     at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
>     at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
>     at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
>     at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
>     at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
>     at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
>     at sun.security.ssl.SSLTransport.decode(SSLTransport.java:149)
>     at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143)
>     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:444)
>     ... 97 more
> Caused by: java.security.cert.CertificateException: No subject alternative names present
>     at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:156)
>     at sun.security.util.HostnameChecker.match(HostnameChecker.java:100)
>     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:457)
>     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:431)
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
>     ... 113 more
>
> On Tuesday, February 6, 2018 at 11:42:35 PM UTC+5:30 Carlos Eduardo Santos 
> wrote:
>
> Thank you gentlemen for all the help. Thank you David !
> I was able to solve the certificate problem, I had problem with 
> admusers.properties but I was able to resolve and access the dashboard.
> As a solution, I had to create a new certificate with the domain 
> certificates we have, following the steps of the excellent documentation 
> provided by David.
> Now I'm accessing the dashboard and other options and also cas-management.
>
> Thank you one more time !!
>
> On Friday, February 2, 2018 at 10:54:00 UTC-2, Carlos Eduardo Santos wrote:
>
> /status/dashboard - Page not found.
> Hello everyone, I have been trying to configure the CAS server for a few 
> days (following all the information from "the new school"). The information 
> is very clear, but I could not access anything ahead of /status/.
> To the status page I can visualize the dashboard, for example, nothing.
> Below is the configuration of cas.properties:
>
> cas.server.name=http://xxxxxxxxxxxxxx
> cas.server.prefix=${server.name}/cas
> cas.tgc.secure=true
> cas.tgc.encryptionKey=DCETkZ33-A7TETvjgZ24J_o2xQkyQxc0FCFa725ubnY
> cas.tgc.signingKey=8y-RtN0Ny3VF9DAkNQPvIeXXkHtTetFu9bEcG5G7F95ckmSdvE9ZdMSbVCRvBEmwJv_Bbr7wBIfsCrXdo-IytQ
> cas.webflow.crypto.signing.key=J4qjH74TlZY5Ic6GTnblZbwKN4Ye1mBuMEr-a3_DNpakNbmkX0LUmXGQ30oetbf8N_dNXsG_rdjWyXUOen1mEA
> cas.webflow.crypto.encryption.key=dE1URfP5K6nvFtnUgBppQw==
> cas.authn.accept.users=
> logging.config=file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.config.location=file:/etc/cas/services
> cas.authn.accept.users=
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://10.1.0.48:389
> cas.authn.ldap[0].userFilter=sAMAccountName={user}
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].baseDn=OU=CNANET,DC=cna,DC=org,DC=br
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people,dc=example,dc=org
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=xxxxx,cn=Users,dc=xxx,dc=org,dc=br
> cas.authn.ldap[0].bindCredential=xxxxxxx
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
> cas.monitor.endpoints.enabled=true
> endpoints.enabled=true
> cas.adminPagesSecurity.ip=^10\\.1\\.(3\\.[0-9]{1,3}|0\\.[12]0)$
> cas.monitor.endpoints.sensitive=false
> endpoints.sensitive=false
> cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
> cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
> cas.adminPagesSecurity.users=file:/etc/cas/config/admusers.properties
> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
> ##############
> I'm trying to free cas.adminPagesSecurity.ip for the 10.1.3.0/24 network, 
> but I do not know if that's the right way.
> I've tried to follow another topic that talks about it but without success.
> Please, can someone help me !!!
> Thank you.
>
>
> -- 
>
> Ray Bon
> Programmer Analyst
> Development Services, University Systems
> (250) 721-8831 | CLE 019 | rb...@uvic.ca
>
> I respectfully acknowledge that my place of work is located within the 
> ancestral, traditional and unceded territory of the Songhees, Esquimalt and 
> WSÁNEĆ Nations.
>
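
The innermost exception in the quoted trace is raised from HostnameChecker.matchIP, i.e. the CAS client reached the server by IP address and the certificate carried no SAN entries. The following Python sketch is an added example, not part of the thread and not code from CAS or the JDK: it models the server-identity decision over the dict layout returned by Python's ssl.SSLSocket.getpeercert(). The function names, the sample certificates (constructed, using documentation addresses) and the CN fallback for DNS names (assumed legacy client behaviour) are assumptions.

```python
import ipaddress

def _dns_match(host, pattern):
    """Case-insensitive DNS match; '*' may only stand for the whole leftmost label."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def check_server_identity(host, cert):
    """Return (ok, reason) for a client that connects to `host` and is shown `cert`."""
    sans = cert.get("subjectAltName", ())
    try:
        target_ip = ipaddress.ip_address(host)
    except ValueError:
        target_ip = None                      # not an IP literal: treat as DNS name

    if target_ip is not None:
        # IP-literal host: only iPAddress SAN entries count, the CN is never consulted.
        if not sans:
            return False, "No subject alternative names present"
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value.strip()) == target_ip:
                return True, "matched iPAddress SAN"
        return False, "no iPAddress SAN equals " + host

    dns_sans = [value for kind, value in sans if kind == "DNS"]
    if dns_sans:
        if any(_dns_match(host, p) for p in dns_sans):
            return True, "matched dNSName SAN"
        return False, "no dNSName SAN matches " + host
    # Assumed legacy fallback: the subject CN is used only when no dNSName SAN exists.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_match(host, value):
                return True, "matched subject CN (legacy fallback)"
    return False, "no name matches " + host

# Constructed sample certificates (not taken from the thread).
SUBJECT = ((("commonName", "cas.example.org"),),)
NO_SAN = {"subject": SUBJECT}
DNS_ONLY = {"subject": SUBJECT, "subjectAltName": (("DNS", "cas.example.org"),)}
WITH_IP_SAN = {"subject": SUBJECT,
               "subjectAltName": (("DNS", "cas.example.org"),
                                  ("IP Address", "192.0.2.10"))}

if __name__ == "__main__":
    for name, cert in (("NO_SAN", NO_SAN), ("DNS_ONLY", DNS_ONLY),
                       ("WITH_IP_SAN", WITH_IP_SAN)):
        for host in ("192.0.2.10", "cas.example.org"):
            print(name, host, check_server_identity(host, cert))
```

A certificate passes for an IP-based service URL only when that exact address appears as an iPAddress SAN; the same certificate without it can still pass when the client is configured with the server's DNS name.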
