I wrote a how to here: http://www.ja-sig.org/wiki/pages/viewpage.action?pageId=10649670
Perhaps you can try this how-to and help me to check whether it's correct. Regards, Shi Yusen/Beijing Langhua Ltd. 在 2008-02-19二的 15:51 +0100,Arthur Erdös写道: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hello again ;) > > first of all kindly excuse my questions but I am completely new to SSL > and security issues... > > I have to install the server's certificate public key into my client JVM > in order to avoid the CASAuthenticationException "Unable to validate > ProxyTicketValidator". But do I have such a key with an self-signed > certificate?? I have only my server.crt file and nothing else... > > best regards > Arthur > > > Arthur Erdös schrieb: > > I found another post on the same issue at > > > > http://www.mail-archive.com/[email protected]/msg00135.html > > > > The explanation there points out that I have to install the server's > > certificate public key on my local machine where the client resides. If > > I look closer to your answer you say "the keystore of the client JVM", I > > should read the mails more carefully ;) > > > > Thx again, I'll try this immediatly > > > > > > > > Andrew Petro schrieb: > >> Arthur, > > > >> It appears your CAS server is using a self-signed SSL certificate. Have > >> you installed the public key of this certificate into the keystore of > >> the client JVM so that it knows to trust this SSL certificate and can > >> successfully https: request to CAS to validate the ticket? > > > >> SSL certificate installation issues are by far the most common cause of > >> inability to validate the ProxyTicketValidator in the Yale Java CAS Client. > > > >> Andrew > > > > > > > >> Arthur Erdös wrote: > >> Hello CAS experts ;) > > > >> finally I made it to get the CAS server deployed in Tomcat and SSL > >> working... Now I'm facing the next problem when being redirected from > >> the cas server: > > > >> CASAuthenticationException: Unable to validate ProxyTicketValidator > > > >> I'm testing the HelloWorld Servlet running on the local machine. The cas > >> server runs on an extern machine. > > > >> server catalina log: > > > >> [org.jasig.cas.authentication.AuthenticationManagerImpl] - > >> <AuthenticationHandler: > >> org.jasig.cas.authentication.handler.support.SimpleTestUsernamePasswordAuthenticationHandler > >> successfully authenticated the user which provided the following > >> credentials: uday> > >> 2008-02-18 18:58:34,389 INFO > >> [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service > >> ticket [ST-4-k07YL5mH4zxYbOZccgKf] for service > >> [http://localhost:8180/servlets-examples/servlet/HelloWorldExample] for > >> user [uday]> > > > >> client catalina log: > > > >> 18.02.2008 17:10:12 edu.yale.its.tp.cas.client.CASReceipt getReceipt > >> SCHWERWIEGEND: edu.yale.its.tp.cas.client.CASAuthenticationException: > >> Unable to validate ProxyTicketValidator > >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] > >> [edu.yale.its.tp.cas.client.ServiceTicketValidator > >> casValidateUrl=[https://secure.bg-server.de:8443/cas/serviceValidate] > >> ticket=[ST-4-k07YL5mH4zxYbOZccgKf] > >> service=[http%3A%2F%2Flocalhost%3A8180%2Fservlets-examples%2Fservlet%2FHelloWorldExample] > >> renew=false]]] > >> 18.02.2008 17:10:12 edu.yale.its.tp.cas.client.filter.CASFilter doFilter > >> SCHWERWIEGEND: edu.yale.its.tp.cas.client.CASAuthenticationException: > >> Unable to validate ProxyTicketValidator > >> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] > >> [edu.yale.its.tp.cas.client.ServiceTicketValidator > >> casValidateUrl=[https://secure.bg-server.de:8443/cas/serviceValidate] > >> ticket=[ST-4-k07YL5mH4zxYbOZccgKf] > >> service=[http%3A%2F%2Flocalhost%3A8180%2Fservlets-examples%2Fservlet%2FHelloWorldExample] > >> renew=false]]] > > > > > >> anybody an idea what is still missing?? > > > >> thx in advance! > > _______________________________________________ > > Yale CAS mailing list > > [email protected] > > http://tp.its.yale.edu/mailman/listinfo/cas > > > >> _______________________________________________ > >> Yale CAS mailing list > >> [email protected] > >> http://tp.its.yale.edu/mailman/listinfo/cas > _______________________________________________ > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHuuzzdPoEKckmzw4RAkz0AJ4x8FYiHC0Gqwoyktv8zDDodKkvUwCgmlxf > zT6KAZyRwrdj4Xb5WUoD2nk= > =opo8 > -----END PGP SIGNATURE----- > _______________________________________________ > Yale CAS mailing list > [email protected] > http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________ Yale CAS mailing list [email protected] http://tp.its.yale.edu/mailman/listinfo/cas
