On 20.03.2009 17:54, Denis Kostousov wrote:
> On 20.03.2009 17:18, Marvin Addison wrote:
>>> ERROR [edu.yale.its.tp.cas.client.CASReceipt] -
>>> <edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate
>>> ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
>>> proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
>>> casValidateUrl=[https://localhost:8443/cas/proxyValidate]
>>> proxyCallbackUrl=[https://localhost:8443/ui-fw/CasProxyServlet] ticket=
>>> [ST-1-Bn0WScujP0zeyVOcNBkN-cas]
>>> service=[http%3A%2F%2Flocalhost%3A8080%2Fui-fw] renew=false]]]>
>>
>> It looks like CAS failing to validate the proxy callback URL. CAS
>> proxy has an additional PKI requirement that CAS trust the client, so
>> you'd need to import the client cert into the CAS server truststore.
>> I would recommend against that for anything other than testing.
>>
>> Can you confirm you actually need CAS proxying capabilities? If you
>> don't need it, you could remove the
>> edu.yale.its.tp.cas.client.filter.proxyCallbackUrl init param and save
>> yourself the trouble.
>
> My cert already was imported to $JAVA_HOME/jre/lib/security/cacerts

I have solved the problem. The trust cert keystore path is defined by the
javax.net.ssl.trustStore property. The default value is
$JAVA_HOME/jre/lib/security/cacerts, but the webapp has a manually defined
value, not the default.

-- 
Denis Kostousov
email: d.kostousovTHEDOGffammDOTcom
jabber: sandelloATjabber.ru
fingerprint: FE3D 60AF E08D 2D2A 6A8B C891 70BB 0665 F047 ADAE
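
Added example, not part of the original thread: a small Java check that prints which trust store the JVM will actually use (the javax.net.ssl.trustStore override first, then the JSSE defaults) and, given a certificate file, whether that certificate is in it. The class name EffectiveTrustStore and the optional certificate-file argument are assumptions made for illustration.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;

public class EffectiveTrustStore {

    // JSSE lookup order: the javax.net.ssl.trustStore property if set,
    // otherwise jssecacerts, otherwise cacerts under <java.home>/lib/security.
    static File resolve() {
        String configured = System.getProperty("javax.net.ssl.trustStore");
        if (configured != null && !configured.isEmpty()) {
            return new File(configured);
        }
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    public static void main(String[] args) throws Exception {
        File store = resolve();
        System.out.println("Effective trust store: " + store.getAbsolutePath());

        String type = System.getProperty("javax.net.ssl.trustStoreType",
                                         KeyStore.getDefaultType());
        String pw = System.getProperty("javax.net.ssl.trustStorePassword");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(store)) {
            // Assumption: without a configured password, null is enough to read
            // certificate entries (the store's integrity check is skipped).
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        System.out.println("Trusted entries: " + ks.size());

        // Optional argument (hypothetical usage): a PEM or DER certificate to look up.
        if (args.length == 1) {
            Certificate cert;
            try (InputStream in = new FileInputStream(args[0])) {
                cert = CertificateFactory.getInstance("X.509").generateCertificate(in);
            }
            String alias = ks.getCertificateAlias(cert);
            System.out.println(alias != null
                    ? "Certificate trusted under alias: " + alias
                    : "Certificate NOT in this trust store");
        }
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore settings the container passes to the webapp, or call resolve() from inside the webapp if the property is set programmatically; otherwise it reports the JVM default rather than the store the application really uses.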
