> sniffer on the dc/gc sees the initial ldap bind, the search, and the > success return, so this is something failing in CAS before it hands me > back off to uportal, not the ldap connection.
I would agree with that analysis based on the stack trace. The failure appears to happen when the CAS client attempts to connect to CAS for service ticket validation. You mentioned this could be related to SSL, but I've not seen this sort of error caused by SSL trouble. But I would agree that investigating that a little deeper would be a good first step. I recommend you produce an SSL trace on the client application (uPortal?). Assuming you're running tomcat: 1. Create/edit a $TOMCAT_HOME/bin/setenv.sh with the following: CATALINA_OPTS=$CATALINA_OPTS" -Djavax.net.debug=ssl" export CATALINA_OPTS 2. Restart the container and attempt to reproduce the problem 3. Examine the file containing the contents of stdout (catalina.out by default), which should contain the trace Send the trace to the list if you need help reading/analyzing it. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
