It looks like your certificate is not in your JVM cacerts file. This should add it to your cacerts file:
%JAVA_HOME%\bin\keytool -import -file server.crt -keypass changeit -keystore %JAVA_HOME%/jre/lib/security/cacerts replacing server.crt with the actual file holding your certificate. -Scott On 2/20/07, k2g <[EMAIL PROTECTED]> wrote:
Service app was built using webwork, spring, hibernate .... I am using Acegi Security 1.0.3 and JA-SIG CAS 3.0.4 server In the service app, The redirection to cas login page works when i type in the service app url. I am getting authenticated successfully from cas server login (see the log below) and also being granted service ticket. But after that i am getting redirected to casfailed.jsp in the service app, i get the following error shown below. log: INFO [http-8443-Processor25] AuthenticationManagerImpl.authenticate(88) | AuthenticationHandler: org.acegisecurity.adapters.cas3.CasAuthenticationHandler successfully authenticated the user. INFO [http-8443-Processor25] CentralAuthenticationServiceImpl.grantServiceTicket(167) | Granted service ticket [ST-2-dddSXAi3Rv6yBNlQYNFCIrClYZ5OdkJJoFb-20] for service [https://localhost:8443/myapp/j_acegi_cas_security_check] for user [admin] WARN [http-8443-Processor24] LoggerListener.onApplicationEvent(55) | Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: [EMAIL PROTECTED]: RemoteIpAddress: 10.22.2.148; SessionId: null; exception: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target ERROR [http-8443-Processor25] [jsp].invoke(253) | Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: The absolute uri: http://java.sun.com/jstl/core cannot be resolved in either web.xml or the jar files deployed with this application at org.apache.jasper.compiler.DefaultErrorHandler.jsp Couple of observations from the log, 1. In the browser the following error was thrown (after successful authentication from cas): While processing request " /casfailed.jsp ", the application encountered the following internal error condition: org.apache.jasper.JasperException: The absolute uri: http://java.sun.com/jstl/core cannot be resolved in either web.xml or the jar files deployed with this application My applicationContext.xml defn for authentication failureurl <bean id="casProcessingFilter" class="org.acegisecurity.ui.cas.CasProcessingFilter"> <property name="authenticationManager" ref="authenticationManager"/> <property name="authenticationFailureUrl" value="/casfailed.jsp"/> <property name="defaultTargetUrl" value="/"/> <property name="filterProcessesUrl" value="/j_acegi_cas_security_check"/> </bean> In web.xml i have the following definition for casfailed.jsp ( its necessary to declare error-page as i am using webwork) <error-page> <error-code>404</error-code> <location>/casfailed.jsp</location> </error-page> looks like i goofed up with error-page declaration.. ============================== 2. SSL issue warning With regard to the warning, i got to know from here, http://www.ja-sig.org/products/cas/server/ssl/index.html that its because hostname is not mentioned while configuring the certs. Well i could able to execute every command listed on the link except the last two, %JAVA_HOME%\bin\keytool -import -file server.crt -keypass mypass -keystore %JAVA_HOME%/jre/lib/security/cacerts %JAVA_HOME%\bin\keytool -import -file server.crt -keypass mypass i was always getting keytool help usage returned in the command prompt (also tried backslash \ to the path). Using java 1.5.0_09 on windows xp Thanks. _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
_______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
