This isn't strictly a CAS issue, but we're encountering it trying to test CAS so I'm hoping someone may be able to offer suggestions.
We have a disaster recovery (DR) instance of our login stack that includes CAS (which uses a DR instance of LDAP). These instances have hostnames that follow a convention something like, dr-cas.example.edu and dr-ldap.example.edu. However, they use TLS certificates that use the non dr- versions of their hostnames, e,g, cas.example.edu and ldap.example.edu. The idea being that in the event we actually need to make use of the DR instance of the CAS/LDAP login stack, DNS changes would point cas.example.edu to dr-cas.example.edu, and ldap.example.edu to dr-example.edu. This presents a challenge though to test the DR instance of our login stack without making the aforementioned DNS changes. When CAS is started, it throws an exception: Caused by: javax.net.ssl.SSLPeerUnverifiedException: Hostname verification failed for dr-ldap.example.edu using [org.ldaptive.ssl.HostnameVerifierAdapter@20. ..63::hostnameVerifier=org.ldaptive.ssl.DefaultHostnameVerifier@41...82] Is there a way to get CAS to temporarily disable or ignore hostname verification via a property or Java option so that we can confirm things are otherwise working as expected? Any suggestions would be appreciated. -- Baron Fujimoto <[email protected]> :: UH Information Technology Services minutas cantorum, minutas balorum, minutas carboratum desendus pantorum -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAAjLUL16hZqpddPZv2q4-q6JeC1xEK7FpDS_c8SUJnyt0i84EA%40mail.gmail.com.
