I have taken the cert that is presented by the F5 and added it to a keystore on the tomcat server and pointed acegis to it in applicationContext-acegi-security.xml
<property name="trustStore"><value>/opt/security/tomcat.store</ value></property> The trustAnchors error has disappeared, but I am no getting the following error: 12:48:27,105 DEBUG HttpSessionContextIntegrationFilter:257 - SecurityContextHolder set to new context, as request processing completed 12:48:27,216 WARN LoggerListener:55 - Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: [EMAIL PROTECTED]: RemoteIpAddress: 63.163.57.36; SessionId: DB1E6124DAE3CB2B69A0E95E54A8F568; exception: Connection reset 12:48:27,217 DEBUG CasProcessingFilter:404 - Updated SecurityContextHolder to contain null Authentication12:48:27,217 DEBUG CasProcessingFilter:410 - Authentication request failed: org.acegisecurity.AuthenticationServiceException: Connection reset12:48:27,218 DEBUG TokenBasedRememberMeServices:215 - Cancelling cookie for reason: Interactive authentication attempt was unsuccessful 12:48:27,218 DEBUG HttpSessionContextIntegrationFilter:257 - SecurityContextHolder set to new context, as request processing completed Any idea on what I may be missing? Has anyone configured CAS behind an F5 that supplied the SSL? Thanks, Pete On Oct 27, 2006, at 10:50 AM, Peter Giesin wrote: > I am trying to setup CAS 3.0.5. My infrastructure is the following: > F5 Load balancer / SSL to Apache2 w/mod_jk to Tomcat 5 w/Aegis. The > CAS authentication works perfectly. However, when I get redirected > back to the webapp I get the following error: > > java.lang.RuntimeException: Unexpected error: > java.security.InvalidAlgorithmParameterException: the trustAnchors > parameter must be non-empty > > Could the fact that I have a self-signed cert be causing this > problem. If I were to add the cert to a store and point Aegis at it > would it fix the problem. > > Thanks, > Pete > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
