osdir.com



Subject: Re: Server certificate - msg#00269

List: java.jasig.cas.user


Hi,

I'm going to give an example about CAS login on different hosts. I hope that it helps you.

IN THE CAS SERVER
  • Create the certificate with keytool, you can use something like that:
$JAVA_HOME/bin/keytool -delete -alias tomcat -keypass changeit
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
$JAVA_HOME/bin/keytool -export -alias tomcat -keypass changeit  -file server.crt
$JAVA_HOME/bin/keytool -import -file server.crt -keypass changeit -keystore $JAVA_HOME/jre/lib/security/cacerts (as ROOT)
$JAVA_HOME/bin/keytool -import -file server.crt -keypass changeit

IN THE CLIENT SERVER (different from the CAS SERVER)
  • Download the java file from: http://blogs.sun.com/andreas/entry/no_more_unable_to_find
  • Compile the java file with javac ./InstallCert.java
  • Use the java class to import the certificate from the CAS SERVER with: java InstallCert Hostname_of_casserver
  • The previous command creates a file called jssecacerts
  • Now, you can define the truststore in JAVA_OPTS before starting the server with:
    • export JAVA_OPTS=" -Djavax.net.ssl.trustStore=/path/to/jssecacerts"

--
Edwin Miguel Triana Gómez
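
Added example, not part of the original post: InstallCert stores whatever certificate the named host presents, so one way to check the certificate before trusting it is to copy server.crt from the CAS server to the client and import it only if its SHA-256 fingerprint matches a value obtained out of band. The function names, the cas-server alias and the sample keytool output are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): import server.crt into the client
# truststore only if its SHA-256 fingerprint equals one obtained out of band.

# Constructed sample of `keytool -printcert -file server.crt` output.
SAMPLE_PRINTCERT='Owner: CN=cas.example.org
Issuer: CN=cas.example.org
Certificate fingerprints:
     SHA1: 5B:0C:77:E2:19:A4:3D:F0:86:21:CE:9A:44:B3:6F:D8:12:7A:E5:90
     SHA256: 3A:1F:9C:04:D2:7B:55:E8:60:AB:13:CD:7E:42:99:0F:B6:28:E1:5D:84:C7:30:FA:6B:92:0D:47:EE:18:A5:71'

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
  printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read `keytool -printcert` output on stdin, print the SHA-256 fingerprint.
extract_sha256() {
  sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed only if $1 is a well-formed SHA-256 fingerprint (64 hex digits)
# and equals $2 after normalisation. A SHA-1 or truncated value is rejected.
fp_matches() {
  a=$(normalize_fp "$1")
  b=$(normalize_fp "$2")
  case "$a" in ''|*[!0-9A-F]*) return 1 ;; esac
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# import_pinned CERT EXPECTED_FP TRUSTSTORE STOREPASS   (hypothetical helper)
# Writes to a dedicated truststore file, which can then be passed to the JVM
# with -Djavax.net.ssl.trustStore=... as in the post above.
import_pinned() {
  actual=$(keytool -printcert -file "$1" | extract_sha256)
  if ! fp_matches "$actual" "$2"; then
    echo "fingerprint mismatch for $1: got '$actual'" >&2
    return 1
  fi
  keytool -importcert -noprompt -alias cas-server \
          -file "$1" -keystore "$3" -storepass "$4"
}
```

The expected fingerprint comes from running keytool -printcert -file server.crt on the CAS server itself and passing the value to the client administrator over a separate channel.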


Thread at a glance:

Previous Message by Date:

Re: CAS and passord

By default, CAS will not return or store the password. It can be modified to do so, but we don't recommend it.

If your application allows you to plug in a custom authenticator, your best bet would be to pass a ServiceTicket as the password and then validate the service ticket.

-Scott

On 5/30/07, Adrien Futschik <adrien.futschik-kcH4OoMoNbE4Q++5jOxPmw@xxxxxxxxxxxxxxxx> wrote:

> Hi!
>
> I don't know if this is the right address to post this message, I hope so.
>
> I am trying to use CAS with a java application that requires login & password to work correctly. I know how to get the login via <%=request.getRemoteUser()%>, but I would like to do the same with the password. Is this possible? I guess this is not the best way to set up SSO.
>
> Is there a way to plug values or attributes to the CAS ticket? I mean, would it be possible to add other information than just login?
>
> I found this post, being the same problem as mine: http://www.mail-archive.com/acegisecurity-developer-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@xxxxxxxxxxxxxxxx/msg02412.html but I can't figure out the solution.
>
> Please help.
>
> --
> Futschik Adrien
> Atos Origin
> Telephone : +33 (0) 6 17 14 65 68
>             +33 (0) 1 55 91 24 82
> _______________________________________________
> Yale CAS mailing list
> cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx
> http://tp.its.yale.edu/mailman/listinfo/cas

--
-Scott Battaglia
LinkedIn: http://www.linkedin.com/in/scottbattaglia

Next Message by Date:

Re: Server certificate

Hi,

My problem is that I can't generate a certificate for host.sdomain.domain. All applications are on the same host (host.sdomain.domain). I try to access these applications via the internet.

2007/5/30, Edwin Miguel <edwintriana-Re5JQEeQqe8AvxtiuMwx3w@xxxxxxxxxxxxxxxx>:
> Hi,
>
> I'm going to give an example about CAS login on different hosts. I hope
> that it helps you.
>
> IN THE CAS SERVER
>
> Create the certificate with keytool, you can use something like that:
> $JAVA_HOME/bin/keytool -delete -alias tomcat -keypass changeit
> $JAVA_HOME/bin/keytool -genkey -alias tomcat -keypass changeit -keyalg RSA
> $JAVA_HOME/bin/keytool -export -alias tomcat -keypass changeit -file server.crt
> $JAVA_HOME/bin/keytool -import -file server.crt -keypass changeit -keystore $JAVA_HOME/jre/lib/security/cacerts (as ROOT)
> $JAVA_HOME/bin/keytool -import -file server.crt -keypass changeit
>
> IN THE CLIENT SERVER (different from the CAS SERVER)
>
> Download the java file from:
> http://blogs.sun.com/andreas/entry/no_more_unable_to_find
> Compile the java file with javac ./InstallCert.java
> Use the java class to import the certificate from the CAS SERVER with: java
> InstallCert Hostname_of_casserver
> The previous command creates a file called jssecacerts
> Now, you can define the truststore in JAVA_OPTS before starting the
> server with:
> export JAVA_OPTS=" -Djavax.net.ssl.trustStore=/path/to/jssecacerts"
> --
> Edwin Miguel Triana Gómez
>
> _______________________________________________
> Yale CAS mailing list
> cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx
> http://tp.its.yale.edu/mailman/listinfo/cas

Previous Message by Thread:

Re: Server certificate

Hi,

thanks for your response. I tried to add a certificate using keytool for host.domain but I realized that the generated certificate is for host. Any idea?

Sorry for my bad English.

2007/5/29, Marvin S. Addison <serac-Lp/cVzEoVyZSRO9bworOjg@xxxxxxxxxxxxxxxx>:
> > sun.security.validator.ValidatorException: PKIX path building failed:
> > sun.security.provider.certpath.SunCertPathBuilderException: unable to
> > find valid certification path to requested target
>
> This exception is normally caused by certificate trust issues. There
> are two keystores of interest with CAS:
>
> 1. Tomcat (or other Web application container) keystore
> 2. System truststore (truststore == keystore containing only
>    trustedCertEntry items)
>
> According to your stack trace, your application is having trouble with
> the second. The CASFilter is attempting to make a connection to the CAS
> server and failing likely because your system truststore does not
> contain your CAS server certificate or its signing certificate chain,
> either of which would be adequate for establishing trust. You can solve
> this by importing the CAS server certificate (or its signing certificate
> chain) into the system truststore ($JAVA_HOME/jre/lib/security/cacerts)
> using the Java keytool utility. An alternative is to explicitly define
> the system truststore via JVM startup parameters:
>
> -Djavax.net.ssl.trustStore=/path/to/keystore
> -Djavax.net.ssl.trustStoreType=JKS
> -Djavax.net.ssl.trustStorePassword=changeit
>
> where /path/to/keystore is an application-specific keystore created
> using the Java keytool utility.
>
> http://java.sun.com/products/jsse/doc/guide/API_users_guide.html has
> detailed information on keystores, truststores, and certificate trust.
>
> Hope that helps,
> Marvin Addison
> --
> Application Developer
> Middleware Services
> Virginia Tech
> _______________________________________________
> Yale CAS mailing list
> cas-c5E7yoNEsvRIM2btvs0Z1A@xxxxxxxxxxxxxxxx
> http://tp.its.yale.edu/mailman/listinfo/cas
