Subject: Re: errorwithorg.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource - msg#00091

Previous Message by Date: click to view message preview

Re: error withorg.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource

Can you try and turn higher debugging on for the org.jasig classes also? It seems like there should be more output.Thanks-ScottOn 10/17/06, Laurent Domenech <domenela-hLEZQOUd2fpGWvitb5QawA@xxxxxxxxxxxxxxxx> wrote: This is what I have in the login-webflow.xml file about the submit button:    <view-state id="viewLoginForm" view="casLoginView">  <transition on="submit" to="bindAndValidate" /> </view-state>  <action-state id="bindAndValidate">  <action bean="authenticationViaFormAction" />  <transition on="success" to="submit" />  <transition on="error" to="viewLoginForm" /> </action-state>  <action-state id="submit">  <action bean="authenticationViaFormAction" method="submit" />  <transition on="warn" to="warn" />  <transition on="success" to="sendTicketGrantingTicket" />  <transition on="error" to="viewLoginForm" /> </action-state> Does it mean that I don't have the authenticationViaFormAction bean? If yes, where is it supposed to be?   Thanks, Laurent ----- Original Message ----- From: Scott Battaglia To: Yale CAS mailing list Sent: Tuesday, October 17, 2006 3:27 PM Subject: Re: error withorg.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource Its just that this part of the log<<[org.springframework.webflow .execution.impl.RequestControlContextImpl] -<Signaling event 'submit' in state 'submit' of flow 'login-webflow'> 2006-10-17 11:09:47,514 DEBUG[org.springframework.webflow.execution.impl.FlowExecutionImpl] - <Attemptingto handle exception[org.springframework.webflow.ActionState$NoMatchingActionResultTransitionException: Cannot find a transition matching an action result event; continuingwith next action...]>>>>would indicate it went to transition from the event "submit" and it couldn't find where to go. -Scott On 10/17/06, Laurent Domenech <domenela-hLEZQOUd2fpGWvitb5QawA@xxxxxxxxxxxxxxxx> wrote: Hi Scott,No, it's still the default one. Was I supposed to change something in it?Thanks,Laurent----- Original Message -----From: "Scott Battaglia" < scott.battaglia-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>Did you modify your login flow xml file at all and change any of the events?-ScottOn 10/17/06, Laurent Domenech <domenela at ensieta.fr > wrote:>> Again, thanks a lot for your time Scott.>> I've turned all logging to DEBUG. It generates a lot of traces in> catalina.out. I'm just copying here a portion of it (I hope it will be > useful...)>> Best regards,> Laurent>_______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas

Next Message by Date: click to view message preview

ldaps connection pb

Hello, I'm trying to do an ldaps connection from the CAS server (running over tomcat+ssl on linux) to the M$ ActiveDirectory server. I've been given the AD certificate. It seems to be fine as I've setup the ldap client on the linux box to use this certificate and a test PHP script works with the ldaps:// URL. The message I'm getting is copied below. The error is "unable to find valid certification path to requested target". I have read the doc (http://www.ja-sig.org/products/cas/server/ssl/index.html) about having a certificate with the DNS name and not an IP address. I believe it's the case and there's no IP address in the message. I would like to make sure it is a problem with the certificate but I start to think it's something else. The whole thing already generates a lot of log but if there is more logging available, I'll try to enable it. Thanks for your help, Laurent 2006-10-18 14:09:07,956 DEBUG [org.springframework.webflow.execution.impl.FlowExecutionImpl] - <Attempting to handle exception [org.springframework.webflow.ActionExecutionException: Exception thrown executing [AnnotatedAction@e8e3b0 targetAction = org.jasig.cas.web.flow.AuthenticationViaFormAction@786e17, attributes = map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- action execution properties where 'map['method' -> 'submit']'; nested exception is org.springframework.dao.DataRetrievalFailureException: Unable to communicate with LDAP server; nested exception is javax.naming.CommunicationException: simple bind failed: boulez.ensieta.ecole:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]> 2006-10-18 14:09:07,956 DEBUG [org.springframework.webflow.execution.impl.FlowExecutionImpl] - <Rethrowing unhandled state exception> 2006-10-18 14:09:07,956 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@1e668d0> 2006-10-18 14:09:07,962 DEBUG [org.springframework.web.servlet.DispatcherServlet] - <Could not complete request> org.springframework.webflow.ActionExecutionException: Exception thrown executing [AnnotatedAction@e8e3b0 targetAction = org.jasig.cas.web.flow.AuthenticationViaFormAction@786e17, attributes = map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- action execution properties where 'map['method' -> 'submit']'; nested exception is org.springframework.dao.DataRetrievalFailureException: Unable to communicate with LDAP server; nested exception is javax.naming.CommunicationException: simple bind failed: boulez.ensieta.ecole:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] Caused by: org.springframework.dao.DataRetrievalFailureException: Unable to communicate with LDAP server; nested exception is javax.naming.CommunicationException: simple bind failed: boulez.ensieta.ecole:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] Caused by: javax.naming.CommunicationException: simple bind failed: boulez.ensieta.ecole:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target] at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:197) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134) at net.sf.ldaptemplate.support.LdapContextSource.getDirContextInstance(LdapCont extSource.java:45) at net.sf.ldaptemplate.support.AbstractContextSource.createContext(AbstractCont extSource.java:194) at net.sf.ldaptemplate.support.AbstractContextSource.getReadOnlyContext(Abstrac tContextSource.java:105) at net.sf.ldaptemplate.LdapTemplate.search(LdapTemplate.java:194) at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUserna mePasswordInternal(BindLdapAuthenticationHandler.java:71) at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthent icationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.ja va:58) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti cationManagerImpl.java:79) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(Ce ntralAuthenticationServiceImpl.java:282) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaF ormAction.java:116) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethod Invoker.java:105) at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:13 6) at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.jav a:204) at org.springframework.webflow.AnnotatedAction.execute(AnnotatedAction.java:139 ) at org.springframework.webflow.ActionExecutor.execute(ActionExecutor.java:58) at org.springframework.webflow.ActionState.doEnter(ActionState.java:176) at org.springframework.webflow.State.enter(State.java:194) at org.springframework.webflow.Transition.execute(Transition.java:220) at org.springframework.webflow.TransitionableState.onEvent(TransitionableState. java:102) at org.springframework.webflow.Flow.onEvent(Flow.java:603) at org.springframework.webflow.execution.impl.RequestControlContextImpl.signalE vent(RequestControlContextImpl.java:199) at org.springframework.webflow.ActionState.doEnter(ActionState.java:180) at org.springframework.webflow.State.enter(State.java:194) at org.springframework.webflow.Transition.execute(Transition.java:220) at org.springframework.webflow.TransitionableState.onEvent(TransitionableState. java:102) at org.springframework.webflow.Flow.onEvent(Flow.java:603) at org.springframework.webflow.execution.impl.RequestControlContextImpl.signalE vent(RequestControlContextImpl.java:199) at org.springframework.webflow.execution.impl.FlowExecutionImpl.signalEvent(Flo wExecutionImpl.java:193) at org.springframework.webflow.executor.FlowExecutorImpl.signalEvent(FlowExecut orImpl.java:228) at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRe quest(FlowRequestHandler.java:113) at org.springframework.webflow.executor.mvc.FlowController.handleRequestInterna l(FlowController.java:199) at org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac tController.java:153) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si mpleControllerHandlerAdapter.java:45) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl et.java:798) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle t.java:728) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer vlet.java:396) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.jav a:360) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j ava:115) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126 ) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105 ) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processC onnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.jav a:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWo rkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:684) at java.lang.Thread.run(Thread.java:595) Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh aker.java:848) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake r.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818 ) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket Impl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:62 2) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) ... 67 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru stManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLCont extImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh aker.java:841) ... 79 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui lder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 84 more 2006-10-18 14:09:07,969 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [WebApplicationContext for namespace 'cas-servlet']: ServletRequestHandledEvent: url=[/cas/login]; client=[172.20.2.43]; method=[POST]; servlet=[cas]; session=[34B015C6A65795FA4F6C6935F50BAAB0]; user=[null]; time=[126ms]; status=[failed: org.springframework.webflow.ActionExecutionException: Exception thrown executing [AnnotatedAction@e8e3b0 targetAction = org.jasig.cas.web.flow.AuthenticationViaFormAction@786e17, attributes = map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- action execution properties where 'map['method' -> 'submit']'; nested exception is org.springframework.dao.DataRetrievalFailureException: Unable to communicate with LDAP server; nested exception is javax.naming.CommunicationException: simple bind failed: boulez.ensieta.ecole:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]> 2006-10-18 14:09:07,970 DEBUG [org.springframework.web.context.support.XmlWebApplicationContext] - <Publishing event in context [Root WebApplicationContext]: ServletRequestHandledEvent: url=[/cas/login]; client=[172.20.2.43]; method=[POST]; servlet=[cas]; session=[34B015C6A65795FA4F6C6935F50BAAB0]; user=[null]; time=[126ms]; status=[failed: org.springframework.webflow.ActionExecutionException: Exception thrown executing [AnnotatedAction@e8e3b0 targetAction = org.jasig.cas.web.flow.AuthenticationViaFormAction@786e17, attributes = map['method' -> 'submit']] in state 'submit' of flow 'login-webflow' -- action execution properties where 'map['method' -> 'submit']'; nested exception is org.springframework.dao.DataRetrievalFailureException: Unable to communicate with LDAP server; nested exception is javax.naming.CommunicationException: simple bind failed: boulez.ensieta.ecole:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]]> 2006-10-18 14:09:07,971 ERROR [org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cas].[cas]] - <"Servlet.service()" pour la servlet cas a généré une exception> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh aker.java:848) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshake r.java:106) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818 ) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocket Impl.java:1030) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:62 2) at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59) at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123) at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:390) at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:334) at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:192) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2637) at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:283) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175) at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193) at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136) at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:66) at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667) at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247) at javax.naming.InitialContext.init(InitialContext.java:223) at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:134) at net.sf.ldaptemplate.support.LdapContextSource.getDirContextInstance(LdapCont extSource.java:45) at net.sf.ldaptemplate.support.AbstractContextSource.createContext(AbstractCont extSource.java:194) at net.sf.ldaptemplate.support.AbstractContextSource.getReadOnlyContext(Abstrac tContextSource.java:105) at net.sf.ldaptemplate.LdapTemplate.search(LdapTemplate.java:194) at org.jasig.cas.adaptors.ldap.BindLdapAuthenticationHandler.authenticateUserna mePasswordInternal(BindLdapAuthenticationHandler.java:71) at org.jasig.cas.authentication.handler.support.AbstractUsernamePasswordAuthent icationHandler.authenticate(AbstractUsernamePasswordAuthenticationHandler.ja va:58) at org.jasig.cas.authentication.AuthenticationManagerImpl.authenticate(Authenti cationManagerImpl.java:79) at org.jasig.cas.CentralAuthenticationServiceImpl.createTicketGrantingTicket(Ce ntralAuthenticationServiceImpl.java:282) at org.jasig.cas.web.flow.AuthenticationViaFormAction.submit(AuthenticationViaF ormAction.java:116) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.springframework.webflow.util.DispatchMethodInvoker.invoke(DispatchMethod Invoker.java:105) at org.springframework.webflow.action.MultiAction.doExecute(MultiAction.java:13 6) at org.springframework.webflow.action.AbstractAction.execute(AbstractAction.jav a:204) at org.springframework.webflow.AnnotatedAction.execute(AnnotatedAction.java:139 ) at org.springframework.webflow.ActionExecutor.execute(ActionExecutor.java:58) at org.springframework.webflow.ActionState.doEnter(ActionState.java:176) at org.springframework.webflow.State.enter(State.java:194) at org.springframework.webflow.Transition.execute(Transition.java:220) at org.springframework.webflow.TransitionableState.onEvent(TransitionableState. java:102) at org.springframework.webflow.Flow.onEvent(Flow.java:603) at org.springframework.webflow.execution.impl.RequestControlContextImpl.signalE vent(RequestControlContextImpl.java:199) at org.springframework.webflow.ActionState.doEnter(ActionState.java:180) at org.springframework.webflow.State.enter(State.java:194) at org.springframework.webflow.Transition.execute(Transition.java:220) at org.springframework.webflow.TransitionableState.onEvent(TransitionableState. java:102) at org.springframework.webflow.Flow.onEvent(Flow.java:603) at org.springframework.webflow.execution.impl.RequestControlContextImpl.signalE vent(RequestControlContextImpl.java:199) at org.springframework.webflow.execution.impl.FlowExecutionImpl.signalEvent(Flo wExecutionImpl.java:193) at org.springframework.webflow.executor.FlowExecutorImpl.signalEvent(FlowExecut orImpl.java:228) at org.springframework.webflow.executor.support.FlowRequestHandler.handleFlowRe quest(FlowRequestHandler.java:113) at org.springframework.webflow.executor.mvc.FlowController.handleRequestInterna l(FlowController.java:199) at org.springframework.web.servlet.mvc.AbstractController.handleRequest(Abstrac tController.java:153) at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(Si mpleControllerHandlerAdapter.java:45) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServl et.java:798) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServle t.java:728) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkSer vlet.java:396) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.jav a:360) at javax.servlet.http.HttpServlet.service(HttpServlet.java:709) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.jasig.cas.web.init.SafeDispatcherServlet.service(SafeDispatcherServlet.j ava:115) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126 ) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105 ) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processC onnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.jav a:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWo rkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:684) at java.lang.Thread.run(Thread.java:595) Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:145) at sun.security.validator.Validator.validate(Validator.java:203) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509Tru stManagerImpl.java:172) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLCont extImpl.java:320) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandsh aker.java:841) ... 79 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBui lder.java:236) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216) ... 84 more

Previous Message by Thread: click to view message preview

Re: error withorg.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource

Can you try and turn higher debugging on for the org.jasig classes also? It seems like there should be more output.Thanks-ScottOn 10/17/06, Laurent Domenech <domenela-hLEZQOUd2fpGWvitb5QawA@xxxxxxxxxxxxxxxx> wrote: This is what I have in the login-webflow.xml file about the submit button:    <view-state id="viewLoginForm" view="casLoginView">  <transition on="submit" to="bindAndValidate" /> </view-state>  <action-state id="bindAndValidate">  <action bean="authenticationViaFormAction" />  <transition on="success" to="submit" />  <transition on="error" to="viewLoginForm" /> </action-state>  <action-state id="submit">  <action bean="authenticationViaFormAction" method="submit" />  <transition on="warn" to="warn" />  <transition on="success" to="sendTicketGrantingTicket" />  <transition on="error" to="viewLoginForm" /> </action-state> Does it mean that I don't have the authenticationViaFormAction bean? If yes, where is it supposed to be?   Thanks, Laurent ----- Original Message ----- From: Scott Battaglia To: Yale CAS mailing list Sent: Tuesday, October 17, 2006 3:27 PM Subject: Re: error withorg.jasig.cas.adaptors.ldap.util.AuthenticatedLdapContextSource Its just that this part of the log<<[org.springframework.webflow .execution.impl.RequestControlContextImpl] -<Signaling event 'submit' in state 'submit' of flow 'login-webflow'> 2006-10-17 11:09:47,514 DEBUG[org.springframework.webflow.execution.impl.FlowExecutionImpl] - <Attemptingto handle exception[org.springframework.webflow.ActionState$NoMatchingActionResultTransitionException: Cannot find a transition matching an action result event; continuingwith next action...]>>>>would indicate it went to transition from the event "submit" and it couldn't find where to go. -Scott On 10/17/06, Laurent Domenech <domenela-hLEZQOUd2fpGWvitb5QawA@xxxxxxxxxxxxxxxx> wrote: Hi Scott,No, it's still the default one. Was I supposed to change something in it?Thanks,Laurent----- Original Message -----From: "Scott Battaglia" < scott.battaglia-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>Did you modify your login flow xml file at all and change any of the events?-ScottOn 10/17/06, Laurent Domenech <domenela at ensieta.fr > wrote:>> Again, thanks a lot for your time Scott.>> I've turned all logging to DEBUG. It generates a lot of traces in> catalina.out. I'm just copying here a portion of it (I hope it will be > useful...)>> Best regards,> Laurent>_______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas

Next Message by Thread: click to view message preview

Re: To configure client to access CAS Filter

Hi,    Can I set some attribute in session in CAS.    If yes ,how  On 9/29/06, zheng.guozhu <zhenggz-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx> wrote: Manisha,Because the CAS filter requests the validation information through SSL channel. It works when you deploy both the CAS server and filter because they are using the same JVM with the same certification keystore. If the CAS filter is deployed in the other server with a different JVM, you must export the certification file from the server and import it into the filter server. There maybe exist a Wiki page of manual, pls check it. Zheng Guozhu On 9/29/06, Manisha Satija < manishasatija-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx> wrote: Hi, When I deploy CAS ans Sample Application on the same server it works fine, but when I deployed them on two different server it gives me the cas login screen , but After login I gets Exception as  SEVERE: Servlet.service() for servlet HelloServlet threw exceptionjavax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE (Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source) at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage (Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord (Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source) at sun.net.www.protocol.https.HttpsClient.afterConnect (Unknown Source) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream (Unknown Source) at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser (CASFilter.java:100) at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:73) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186) at org.apache.catalina.core.ApplicationFilterChain.doFilter (ApplicationFilterChain.java:157) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke (StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection (Http11Protocol.java:731) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Unknown Source)Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException : unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate (Unknown Source) at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source) ... 29 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build (Unknown Source) ... 34 more  Thank You   Regards, Manisha  On 9/28/06, Scott Battaglia < scott.battaglia-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx > wrote: You'll want to configure the new application similar to the current application such that when you attempt to access /sample it will redirect you to CAS which will recognize the existing SSO session. -Scott On 9/28/06, Manisha Satija < manishasatija-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx > wrote: Hi,     I have deployed CAS and portal application on server and in web xml file of portal i have given the entries as below <filter>    <filter-name>CAS Filter</filter-name>    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>    <init-param>      <param-name> edu.yale.its.tp.cas.client.filter.loginUrl</param-name>      <param-value>https://portalserver:8443/cas/login </param-value>    </init-param>     <init-param>      <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>      <param-value> https://portalserver:8443/cas/proxyValidate </param-value>    </init-param>    <init-param>      <param-name>edu.yale.its.tp.cas.client.filter.serviceUrl</param-name>       <param-value> http://portalserver:8080/casSample/index.jsp</param-value>     </init-param>  </filter>  <filter-mapping>    <filter-name>CAS Filter</filter-name>    <url-pattern>/*</url-pattern>  </filter-mapping>     <servlet>        <servlet-name>HelloServlet</servlet-name>         <servlet-class>mypackage.Hello</servlet-class>    </servlet>     <servlet-mapping>        <servlet-name>HelloServlet</servlet-name>        <url-pattern>/hello</url-pattern>    </servlet-mapping>   Its working fine when i hit the url of portal its give me cas login page and after authentication i log into the portal  index page.   In index page i have given the link of   sample application which is stored in another server say clientserver. I want that when i hit the link say http://clientserver:8080/sample I should be allowed to access the application without reauthentication but with ticket so that I can aceess the user in clientserver and the their session within two server should be same. But if I hit the url http://clientserver:8080/sample  through address bar without logging into portalserver I should be redirected to the cas login pagefor authetication.   So can you suggest be any solution for it and also what will the entries in my web xml of sample application on clientserver.   Thank You in advance.   Regards, Manisha    On 9/27/06, Manisha Satija <manishasatija-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx > wrote: no its proxyValidate On 9/27/06, Frank Taffelt < frank.taffelt-fDpYTK8McCx7nbfGLMhGZOI/K5iOj0IV@xxxxxxxxxxxxxxxx> wrote: MMS21 wrote:<init-param>> <param-name>edu.yale.its.tp.cas.client.filter.validateUrl </param-name>> <param-value>https://server:8443/cas/proxyValidate</param-value> > </init-param>are you sure that you don't mean   https://server:8443/cas/serviceValidate instead https://server:8443/cas/proxyValidate ?Frank_______________________________________________ Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas_______________________________________________Yale CAS mailing list cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas_______________________________________________Yale CAS mailing list cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxxhttp://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________Yale CAS mailing list cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxxhttp://tp.its.yale.edu/mailman/listinfo/cas _______________________________________________Yale CAS mailing listcas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx http://tp.its.yale.edu/mailman/listinfo/cas