I would look at your uPortal configuration to make sure everything is configured correctly. I'm not too familiar with how to configure uPortal but I'm sure our Wiki probably has some good hints: http://www.ja-sig.org/wiki/
-Scott On 11/15/06, asha latha <[EMAIL PROTECTED]> wrote:
I am sorry Scott. Actually, just now I found where I am printing 'localhost' as 'localhat' . Now I am able to redirect to the uportal homepage, but in the uportal homepage I was not logged in. It is showing the login screen. Do I have to do anything else inorder to login to the uportal page. Thank you very much for helping me with this. Thanks, Asha *Scott Battaglia <[EMAIL PROTECTED]>* wrote: Hi, The CAS client is sending the service url "http%3A%2F%2Flocalhoat%3A8080%2FuPortal%2FLogin" (without the quotes) to the Service Validator. However, it appears that this is not the initial service sent to the login page (you can see what service a ticket is granted for by turning on debug). I would see what is in the "service" parameter of the login page (/login?service=<SERVICE URL>) and compare that to what the CAS client is sending to the ticket validator and see why they are different. -Scott On 11/15/06, asha latha <[EMAIL PROTECTED]> wrote: > > > Thank you very much Scott for your explanation. > > Just now I realized that I am adding the certificate to 'C:\Program > Files\Java\jre1.5.0_05\lib\security\cacerts' file instead of 'C:\Program > Files\Java\jdk1.5.0_05\jre\lib\security\cacerts'. I have changed that and > now I am getting a different error. > > Can you help me with this error. > > This is the exception that I am getting > > javax.servlet.ServletException: > Unable to validate ProxyTicketValidator > > [[edu.yale.its.tp.cas.client.ProxyTicketValidator > proxyList=[null] > [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate > ] > ticket=[ST-2-d19NGCVjeQsnNzcnjcaD1d3DfM65oWCBfMt-20] service=[http%3A%2F%2Flocalhoat%3A8080%2FuPortal%2FLogin] errorCode=[INVALID_SERVICE] > errorMessage=[ticket 'ST-2-d19NGCVjeQsnNzcnjcaD1d3DfM65oWCBfMt-20' does not match supplied service] renew=false > > entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>> > <cas:authenticationFailure code='INVALID_SERVICE'> > > ticket 'ST-2-d19NGCVjeQsnNzcnjcaD1d3DfM65oWCBfMt-20' does not match supplied service > > </cas:authenticationFailure> > </cas:serviceResponse> > ]]]] > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter > (CASValidateFilter.java:292) > > *root cause* > > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator > proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas/serviceValidate > ] ticket=[ST-2-d19NGCVjeQsnNzcnjcaD1d3DfM65oWCBfMt-20] service=[http%3A%2F%2Flocalhoat%3A8080%2FuPortal%2FLogin] errorCode=[INVALID_SERVICE] errorMessage=[ticket 'ST-2-d19NGCVjeQsnNzcnjcaD1d3DfM65oWCBfMt-20' does not match supplied service] renew=false > > entireResponse=[<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas' <http://www.yale.edu/tp/cas%27>> > <cas:authenticationFailure code='INVALID_SERVICE'> > > ticket 'ST-2-d19NGCVjeQsnNzcnjcaD1d3DfM65oWCBfMt-20' does not match supplied service > </cas:authenticationFailure> > </cas:serviceResponse> > ]]]] > edu.yale.its.tp.cas.client.CASReceipt.getReceipt > (CASReceipt.java:62) > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser(CASValidateFilter.java:339) > edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java > :289) > > > > Thanks in advance. > > > Thanks, > Asha > > > > > *Scott Battaglia < [EMAIL PROTECTED]>* wrote: > > What I was saying was that the certificate for the CAS Server may not be > in the cacerts file for the uPortal instance's JVM. It would need to be > added. (I mention this explicitly because sometimes people think they added > it to the correct JVM and it turns out they didn't). > > -Scott > > On 11/15/06, asha latha <[EMAIL PROTECTED]> wrote: > > > > Thank you Scott for your reply. > > > > (a) does not trust the CAS server certificate which means it just > > needs to be added > > Can you please expain more on the point 'a' you specified. > > > > I am new to CAS, so I am not sure where to find enough information on > > this issue. > > > > >(b) the CN does not match the hostname (in this case localhost). > > I think this is not the issue because my host name is localhost. > > > > *Scott Battaglia < [EMAIL PROTECTED] >* wrote: > > > > It most likely means that the uPortal JVM either (a) does not trust > > the CAS server certificate which means it just needs to be added or (b) the > > CN does not match the hostname (in this case localhost). > > > > -Scott > > > > On 11/14/06, asha latha < [EMAIL PROTECTED]> wrote: > > > > > > Thank you very much for your support regarding this issue. > > > > > > Finally, my tomcat is working fine but I am still getting the error > > > when I try to integrate CAS to uportal. > > > I tried to access the uportal using the url > > > https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost:8080%2FuPortal%2FLogin<https://localhost:8443/cas/login?service=http%3A%2F%2Flocalhost:8080%2FuPortal%2FLogin> > > > > > > CAS login screen appeared and I have provided it with > > > NetId: demo > > > Password: demo > > > The user is authenticated and it created a ticket and forwarded the > > > request to uportal > > > > > > These are the lines that are printed in the tomcat command prompt: > > > > > > [java] 2006-11-14 21:05:15,936 INFO [ > > > org.jasig.cas.web.flow.AutomaticCookie > > > PathSetterAction] - <Setting ContextPath for cookies to: /cas> > > > [java] 2006-11-14 21:06:15,882 INFO [ > > > org.jasig.cas.authentication.Authentic > > > ationManagerImpl] - <AuthenticationHandler: > > > org.jasig.cas.authentication.handler > > > .support.SimpleTestUsernamePasswordAuthenticationHandler > > > successfully authentica > > > ted the user which provided the following credentials: demo> > > > [java] 2006-11-14 21:06:15,912 INFO [ > > > org.jasig.cas.CentralAuthenticationSer > > > viceImpl] - <Granted service ticket > > > [ST-2-nc4QVZbCvVrMfbukiTwiQlN9Ay6Yir09yd7-20 > > > ] for service [ http://localhost:8080/uPortal/Login] for user > > > [demo]> > > > [java] 2006-11-14 21:09:49,279 INFO [ > > > org.jasig.cas.CentralAuthenticationSer > > > viceImpl] - <Granted service ticket > > > [ST-3-2ggz6GySwabK7ctCd0OfNbJYIhEs46H4kH9-20 > > > ] for service [ http://localhost:8080/uPortal/Login ] for user > > > [demo]> > > > > > > > > > > > > but at this particular point I am getting the following exception. > > > > > > * exception* > > > > > > javax.servlet.ServletException > > > : > > > Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator > > > casValidateUrl=[ https://localhost:8443/cas/serviceValidate] ticket=[ST-2-nc4QVZbCvVrMfbukiTwiQlN9Ay6Yir09yd7-20] > > > > > > service=[http%3A%2F%2Flocalhoat%3A8080%2FuPortal%2FLogin] renew=false]]] edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter > > > (CASValidateFilter.java:292) > > > > > > * root cause* > > > > > > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[ > > > edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator > > > > > > casValidateUrl=[ https://localhost:8443/cas/serviceValidate] ticket=[ST-2-nc4QVZbCvVrMfbukiTwiQlN9Ay6Yir09yd7-20] > > > > > > service=[http%3A%2F%2Flocalhoat%3A8080%2FuPortal%2FLogin] renew=false]]] edu.yale.its.tp.cas.client.CASReceipt.getReceipt > > > (CASReceipt.java:52) > > > edu.yale.its.tp.cas.client.filter.CASValidateFilter.getAuthenticatedUser > > > (CASValidateFilter.java:339) edu.yale.its.tp.cas.client.filter.CASValidateFilter.doFilter(CASValidateFilter.java:289) > > > > > > > > > Can anybody help me with this error. > > > > > > > > > Thanks in advance. > > > > > > Thanks, > > > Asha > > > > > > > > > *John Thiltges < [EMAIL PROTECTED] >* wrote: > > > > > > asha latha wrote: > > > > Thank you for your response John. > > > > > > > > I removed those two lines from the server.xml. > > > > > > > > > maxThreads="150" minSpareThreads="25" maxSpareThreads="75" > > > > enableLookups="false" disableUploadTimeout="true" > > > > acceptCount="100" scheme="https" secure="true" > > > > clientAuth="false" sslProtocol="TLS" > > > > /> > > > > Now I am not getting exceptions in tomcat. > > > Excellent. > > > > But when I try to open the SSL configuration by going to > > > > https://localhost:8443/ > > > > > > > > I am getting the following error message . > > > > > > > > There is a problem with this website's security > > > > certificate. > > > > The security certificate presented by this website was not > > > > issued by a trusted certificate authority. > > > > > > > > > > > > > > > > Security certificate problems may indicate an attempt to fool you > > > or > > > > intercept any data you send to the server. > > > > > > > > Do you have any idea what's going on? > > > > > > > Sounds like things are working fine. > > > > > > Because you made a self-signed certificate, it's not automatically > > > trusted by your browser and you get the warning. For a production > > > service, you'll probably want to purchase an SSL certificate from a > > > certificate authority (CA). There are lots of vendors: > > > Verisign/Thawte, > > > Comodo, GeoTrust, and many others. > > > > > > John > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > ------------------------------ > > > Sponsored Link > > > > > > Mortgage rates near 39yr lows. $510,000 Mortgage for $1,698/mo - Calculate > > > new house payment > > > <http://www.lowermybills.com/lre/index.jsp?sourceid=lmb-9134-16416&moid=4119> > > > > > > _______________________________________________ > > > Yale CAS mailing list > > > [email protected] > > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > __________________________________________________ > > Do You Yahoo!? > > Tired of spam? Yahoo! Mail has the best spam protection around > > http://mail.yahoo.com > > > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > > > > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > ------------------------------ > Sponsored Link > > Mortgage rates near 39yr lows. $420,000 Mortgage for $1,399/mo - Calculate > new house payment<http://www.lowermybills.com/lre/index.jsp?sourceid=lmb-9132-16414&moid=4116> > > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > > > _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas ------------------------------ Sponsored Link $200,000 mortgage for $660/mo - 30/15 yr fixed, reduce debt, home equity - Click now for info<http://www.ratemarketplace.com/forms/form.jsp?ADEL=Os4fVJ19lSwzAOc%2FzMz%2FCYLqA5sBlJ%2FHICjGxkSe1FKtmWyM5TR8Nlp9tRyEufWO&PI=y_mail_textlink> _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
