-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello again ;)
first of all kindly excuse my questions but I am completely new to SSL and security issues... I have to install the server's certificate public key into my client JVM in order to avoid the CASAuthenticationException "Unable to validate ProxyTicketValidator". But do I have such a key with an self-signed certificate?? I have only my server.crt file and nothing else... best regards Arthur Arthur Erdös schrieb: > I found another post on the same issue at > > http://www.mail-archive.com/[email protected]/msg00135.html > > The explanation there points out that I have to install the server's > certificate public key on my local machine where the client resides. If > I look closer to your answer you say "the keystore of the client JVM", I > should read the mails more carefully ;) > > Thx again, I'll try this immediatly > > > > Andrew Petro schrieb: >> Arthur, > >> It appears your CAS server is using a self-signed SSL certificate. Have >> you installed the public key of this certificate into the keystore of >> the client JVM so that it knows to trust this SSL certificate and can >> successfully https: request to CAS to validate the ticket? > >> SSL certificate installation issues are by far the most common cause of >> inability to validate the ProxyTicketValidator in the Yale Java CAS Client. > >> Andrew > > > >> Arthur Erdös wrote: >> Hello CAS experts ;) > >> finally I made it to get the CAS server deployed in Tomcat and SSL >> working... Now I'm facing the next problem when being redirected from >> the cas server: > >> CASAuthenticationException: Unable to validate ProxyTicketValidator > >> I'm testing the HelloWorld Servlet running on the local machine. The cas >> server runs on an extern machine. > >> server catalina log: > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - >> <AuthenticationHandler: >> org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler >> successfully authenticated the user which provided the following >> credentials: uday> >> 2008-02-18 18:58:34,389 INFO >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service >> ticket [ST-4-k07YL5mH4zxYbOZccgKf] for service >> [http://localhost:8180/servlets-examples/servlet/HelloWorldExample] for >> user [uday]> > >> client catalina log: > >> 18.02.2008 17:10:12 edu.yale.its.tp.cas.client.CASReceipt getReceipt >> SCHWERWIEGEND: edu.yale.its.tp.cas.client.CASAuthenticationException: >> Unable to validate ProxyTicketValidator >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] >> [edu.yale.its.tp.cas.client.ServiceTicketValidator >> casValidateUrl=[https://secure.bg-server.de:8443/cas/serviceValidate] >> ticket=[ST-4-k07YL5mH4zxYbOZccgKf] >> service=[http%3A%2F%2Flocalhost%3A8180%2Fservlets-examples%2Fservlet%2FHelloWorldExample] >> renew=false]]] >> 18.02.2008 17:10:12 edu.yale.its.tp.cas.client.filter.CASFilter doFilter >> SCHWERWIEGEND: edu.yale.its.tp.cas.client.CASAuthenticationException: >> Unable to validate ProxyTicketValidator >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] >> [edu.yale.its.tp.cas.client.ServiceTicketValidator >> casValidateUrl=[https://secure.bg-server.de:8443/cas/serviceValidate] >> ticket=[ST-4-k07YL5mH4zxYbOZccgKf] >> service=[http%3A%2F%2Flocalhost%3A8180%2Fservlets-examples%2Fservlet%2FHelloWorldExample] >> renew=false]]] > > >> anybody an idea what is still missing?? > >> thx in advance! > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas > >> _______________________________________________ >> Yale CAS mailing list >> [email protected] >> http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHuuzzdPoEKckmzw4RAkz0AJ4x8FYiHC0Gqwoyktv8zDDodKkvUwCgmlxf zT6KAZyRwrdj4Xb5WUoD2nk= =opo8 -----END PGP SIGNATURE----- _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
