I put a certificate in my cas server tomcat, and export his .cer with keytool, copy the file .cer into my computer with the 2 tomcat (1 for confluence, 1 for jira) and use the import argument of keytool to add this certificate in my cacerts keystore in my jdk (c:\program files\java\jdk1.6\jre\lib\security\cacerts). So I think that finally my certificate is trusted but when I restart the 2 tomcat and try I still have the redirect loop error on firefox and this error on my tomcat (for jira) :
error in accessing cas service : org.soulwing.cas.client.ServiceAccessException : javax.net.ssl.SSLHandshakeException : sun.security.validator.ValidatorException : PKIX path building failed sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to request target. . . . [soulwing.cas.client.DefaultValidatorImpl] assuming that ticket ST-127-a456DF6efsqQ85SD8QDfs4-cas is stale and the cas.log file in cas server I can see : 2010-01-09 07:37:59,072 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Security checking request GET /cas/images/key-point_br.gif 2010-01-09 07:37:59,072 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling hasUserDataPermission() 2010-01-09 07:37:59,072 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling accessControl() 2010-01-09 07:37:59,072 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Successfully passed all security constraints 2010-01-09 07:38:08,876 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Security checking request POST /cas/login 2010-01-09 07:38:08,878 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling hasUserDataPermission() 2010-01-09 07:38:08,879 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling accessControl() 2010-01-09 07:38:08,879 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Successfully passed all security constraints 2010-01-09 07:38:09,848 INFO [org.jasig.cas.authentication.AuthenticationManagerImpl] - AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler successfully authenticated the user which provided the following credentials: clement 2010-01-09 07:38:09,865 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-1-jzwJ0l6RuK9UOXqtEIl4-cas] for service [http://192.168.1.121:8180/jira/] for user [clement] 2010-01-09 07:38:10,940 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Security checking request GET /cas/login 2010-01-09 07:38:10,941 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling hasUserDataPermission() 2010-01-09 07:38:10,941 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling accessControl() 2010-01-09 07:38:10,941 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Successfully passed all security constraints 2010-01-09 07:38:10,956 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-2-LbKZpe20ARaIUbJdjkJL-cas] for service [http://192.168.1.121:8180/jira/] for user [clement] 2010-01-09 07:38:11,046 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Security checking request GET /cas/login 2010-01-09 07:38:11,046 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling hasUserDataPermission() 2010-01-09 07:38:11,046 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Calling accessControl() 2010-01-09 07:38:11,046 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] - Successfully passed all security constraints 2010-01-09 07:38:11,055 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - Granted service ticket [ST-3-3oljxNcHaQAlGlme9L7d-cas] for service......... and Granted service for 8 more times with finally the redirect loop on firefox. According to the jira's tomcat error message the problem come from the certificate but I don't understand why. Jira and Confluence are using another jdk ? It's because I've also got an UserTransaction exception warning when starting my jira's tomcat, but then why I've got the same problem with confluence ? Because my cas server is not working with the good date and hour ? I don't understand maybe with those details you will understand and find the solution to my problem thanks -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
