I thank you for your help Misagh, However, what we have is that the SLO is not able to reach the web server apache session in /tmp/cas using mod_auth_cas. I don't understand why it is saying the certificate for apahe is not valid. I have it imported the CAS cert, same as the one in tomcat server.xml to the CACerts file.
The affect if the user session is still active until the apache /tmp/cas session is removed. Unless the user completely close the browser, the session is still open. We have a requirement that the user have to authenticate whenever they logout and it is not working unless you close the browser. Does anyone know a way to fix that? If the answer is turning SLO off, I do not see where you do that in this file: /cas/cas-server-3.5.2.1/cas-server-core/src/main/java/org/jasig/cas/ticket/registry/support/DefaultTicketRegistryCleaner.java From: Misagh Moayyed [mailto:mmoay...@unicon.net] Sent: Wednesday, September 30, 2015 1:53 AM To: cas-user@lists.jasig.org Subject: RE: [cas-user] cas 3.5.2 catalina logs You have an app at https://dcis.hhs.gov/main.php whose certificate is considered invalid, and your CAS has SLO turned on, and CAS is trying to send SLO notifications to the app, and it fails. Reference: http://jasig.github.io/cas/4.1.x/installation/Troubleshooting-Guide.html#pkix-path-building-failed From: Chris Cheltenham [mailto:cchelten...@swaintechs.com] Sent: Tuesday, September 29, 2015 4:56 PM To: cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> Subject: [cas-user] cas 3.5.2 catalina logs Hello, I see this in my tomcat6 logs. Does anyone know why something is trying to write back to main/php which does not live on this server? 2015-09-29 19:53:21,363 WARN [org.jasig.cas.util.HttpClient] - <Error Sending message to url endpoint [https://dcis.hhs.gov/main.php]. Error is [sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExc eption: unable to find valid certification path to requested target]> root@acquisitions-reports1:/var/log/tomcat6 > Thank You; Chris Cheltenham cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com> SwainTechs 10 Walnut Grove Rd Suite 110 Horsham, PA 19044 888-905-5767 / X407 -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: mmoay...@unicon.net<mailto:mmoay...@unicon.net> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org<mailto:cas-user@lists.jasig.org> as: cchelten...@swaintechs.com<mailto:cchelten...@swaintechs.com> To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
