Scott,
Thanks for the reply. I am getting this SSL error, which I find strange because there isn't a problem with the original connection for the authentication but then in the request to proxyValidate, I get this error:

2009-02-25 15:46:21,238 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-11-RvvcePi6WVjMwvj2NnLr-cas] for service [https://clawstest2.sxu.edu/waCas.asp] for user [kcb1]>
2009-02-25 15:47:24,222 ERROR [org.jasig.cas.util.HttpClient] - <javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
    at org.jasig.cas.util.HttpClient.isValidEndPoint(HttpClient.java:122)
    at org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate(HttpBasedServiceCredentialsAuthenticationHandler.java:57)
    at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:88)
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262)
    at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:619)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
    ... 42 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
    ... 48 more
2009-02-25 15:47:24,222 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - <AuthenticationHandler: org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler failed to authenticate the user which provided the following credentials: [callbackUrl: https://logintest1.sxu.edu/cas/clearPass]>
2009-02-25 15:47:24,222 ERROR [org.jasig.cas.web.ServiceValidateController] - <TicketException generating ticket for: [callbackUrl: https://logintest1.sxu.edu/cas/clearPass]>
org.jasig.cas.ticket.TicketCreationException: error.authentication.credentials.bad
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:291)
    at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:126)
    at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:153)
    at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:48)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:807)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
    at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.java:115)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.inspektr.common.web.ClientInfoThreadLocalFilter.doFilterInternal(ClientInfoThreadLocalFilter.java:48)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:174)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:874)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
    at java.lang.Thread.run(Thread.java:619)
Caused by: error.authentication.credentials.bad
    at org.jasig.cas.authentication.handler.BadCredentialsAuthenticationException.<clinit>(BadCredentialsAuthenticationException.java:25)
    at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(AuthenticationManagerImpl.java:113)
    at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:262)
    ... 28 more

I have imported every cert into every keystore (both CAS server cert into proxy server store and proxy server cert into CAS server store and the intermediary certs as well). Any thoughts? I am still pretty new to Java and completely new to proxying so it may be something simple.

Thanks,
Kris

Kristopher Borchers
Web Application Developer - Content Analyst
Saint Xavier University
Ph. 773-298-3924
[email protected]
www.sxu.edu

Saint Xavier University - Success with Purpose.
Saint Xavier University, a Catholic institution inspired by the heritage of the Sisters of Mercy, educates men and women to search for truth, to think critically, to communicate effectively, and to serve wisely and compassionately in support of human dignity and the common good.

________________________________
From: Scott Battaglia [mailto:[email protected]]
Sent: Wednesday, February 25, 2009 10:06 PM
To: [email protected]
Subject: Re: [cas-user] Proxy Authentication Question

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
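
The PKIX failure in the trace above is raised by the CAS server JVM's default trust manager (X509TrustManagerImpl.checkServerTrusted) while it connects to the callback URL, so the useful check is which trust store that JVM actually reads and whether the callback host's chain validates against it. The Java diagnostic below is an added example, not part of the original message or of CAS: the class name CallbackTrustCheck is hypothetical, it assumes it is started with the same JVM and -Djavax.net.ssl.* options as the CAS Tomcat, and it takes the callback host and an optional port as arguments (with no arguments it only reports the trust store).

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic (hypothetical class name); validation is recorded, never bypassed.
public class CallbackTrustCheck {
    // JSSE's documented lookup order for the default trust store.
    static File effectiveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) return new File(prop);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.exists() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Trust store this JVM reads: " + effectiveTrustStore());
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the default trust store resolved above
        final X509TrustManager jvm = (X509TrustManager) tmf.getTrustManagers()[0];
        System.out.println("Trusted CA entries: " + jvm.getAcceptedIssuers().length);
        if (args.length == 0) return; // offline mode: report the store only

        final X509Certificate[][] seen = new X509Certificate[1][];
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jvm.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] c, String t) throws CertificateException {
                seen[0] = c;                  // remember the chain the server presented
                jvm.checkServerTrusted(c, t); // the JVM's own PKIX check still decides
            }
            public X509Certificate[] getAcceptedIssuers() { return jvm.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], port)) {
            s.startHandshake();
            System.out.println("Handshake OK: chain validates against this trust store");
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake FAILED: " + e.getMessage());
        }
        // Print the presented chain either way, so the missing issuer is visible.
        for (int i = 0; seen[0] != null && i < seen[0].length; i++)
            System.out.println(i + " subject=" + seen[0][i].getSubjectX500Principal()
                    + "\n  issuer=" + seen[0][i].getIssuerX500Principal());
    }
}
```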
