Re: Playing around with the new java client: msg#00119 java.jasig.cas.user

Your certificate may not be in your JVM's cacerts file. Check out
http://www.ja-sig.org/products/cas/server/ssl/index.html

-Scott

On 12/15/06, Vinny <xaymaca-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx> wrote:

When I hit my protected webapp , I am properly redirected to the the cas server , I login sucessfully (I think)
then get redirected back to my original page (service url?) and get the following exception:

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
	at com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(SSLSessionImpl.java:394)
	at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.verifyHostname

(StrictSSLProtocolSocketFactory.java:280)
	at org.apache.commons.httpclient.contrib.ssl.StrictSSLProtocolSocketFactory.createSocket(StrictSSLProtocolSocketFactory.java:223)
	at org.apache.commons.httpclient.HttpConnection.open

(HttpConnection.java:706)
	at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1321)
	at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry

(HttpMethodDirector.java:386)
	at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:170)
	at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:396)
	at 
org.apache.commons.httpclient.HttpClient.executeMethod
(HttpClient.java:324)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.getResponseFromURL(AbstractUrlBasedTicketValidator.java:76)
	at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate

(AbstractUrlBasedTicketValidator.java:46)
	at org.jasig.cas.client.web.filter.TicketValidationFilter.doFilterInternal(TicketValidationFilter.java:91)
	at org.jasig.cas.client.web.filter.AbstractCasFilter.doFilter
(AbstractCasFilter.java
:100)

now I am using a self-signed certificate with under the CN of localhost. Does httpclient have a problem with those?

--
Ghetto Java: http://www.ghettojava.com
_______________________________________________
Yale CAS mailing list
cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx
http://tp.its.yale.edu/mailman/listinfo/cas

Previous by Date:	Re: Forcing HTTPS on login page., Scott Battaglia
Next by Date:	Re: CAS LDAP howto ?, Scott Battaglia
Previous by Thread:	Playing around with the new java client, Vinny
Next by Thread:	Re: Playing around with the new java client, Vinny
Indexes:	[Date] [Thread] [Top] [All Lists]