SSL Issue again

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL Issue again

Dmitry Kochelaev
Dear all,

I'm trying to use CAS together with Liferay. I have setup it on my
local machine (to setup SSL I've created a certificate for localhost)
and it works fine. Now I'm trying to setup it on test server
(test.evelopers.com). So I've created a certificate for host
test.evelopers.com, but while verifying the ticket it fails with
following exception. What can the problem be in?

2007-11-28 13:36:43,925 INFO  [STDOUT] 13:36:43,925 ERROR [CASReceipt]
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
renew=false]]]
2007-11-28 13:36:43,926 INFO  [STDOUT] 13:36:43,926 ERROR [CASFilter]
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
renew=false]]]
2007-11-28 13:36:43,930 INFO  [STDOUT] 13:36:43,928 ERROR [CASFilter]
javax.servlet.ServletException:
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://nxp.evelopers.com/cas-web/proxyValidate]
ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
renew=false]]]
javax.servlet.ServletException:
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:93)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        ....
Caused by: edu.yale.its.tp.cas.client.CASAuthenticationException:
Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
renew=false]]]
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
        ... 26 more
Caused by: java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
        ....


--
Best Regards,
 Dmitry Kochelaev
 Technical Leader, eVelopers corp.
_______________________________________________
Yale CAS mailing list
[hidden email]
http://tp.its.yale.edu/mailman/listinfo/cas
Reply | Threaded
Open this post in threaded view
|

Re: SSL Issue again

Matvey
Do you have any proxy in between? Because I'm not sure at the moment that it is SSL issuer. I've installed CAS server on 2 PCs, one is behind a firewall (with opened HTTP and SSL ports) and the second - in intranet. On the third PC is client application. I've imported there (to $JAVA_HOME/JRE/lib/security/cacerts) both certificates from both servers, but it works only with a CAS server in intranet, otherwise I get the same error message (connection refused) upon ticket validation. (see previouse message in queue).
Ciao


-----Original Message-----
From: "Dmitry Kochelaev" <[hidden email]>
To: "Yale CAS mailing list" <[hidden email]>
Date: Wed, 28 Nov 2007 13:45:35 +0300
Subject: SSL Issue again

>
> Dear all,
>
> I'm trying to use CAS together with Liferay. I have setup it on my
> local machine (to setup SSL I've created a certificate for localhost)
> and it works fine. Now I'm trying to setup it on test server
> (test.evelopers.com). So I've created a certificate for host
> test.evelopers.com, but while verifying the ticket it fails with
> following exception. What can the problem be in?
>
> 2007-11-28 13:36:43,925 INFO  [STDOUT] 13:36:43,925 ERROR [CASReceipt]
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> renew=false]]]
> 2007-11-28 13:36:43,926 INFO  [STDOUT] 13:36:43,926 ERROR [CASFilter]
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> renew=false]]]
> 2007-11-28 13:36:43,930 INFO  [STDOUT] 13:36:43,928 ERROR [CASFilter]
> javax.servlet.ServletException:
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://nxp.evelopers.com/cas-web/proxyValidate]
> ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> renew=false]]]
> javax.servlet.ServletException:
> edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> renew=false]]]
> at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
> at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:93)
> at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> ....
> Caused by: edu.yale.its.tp.cas.client.CASAuthenticationException:
> Unable to validate ProxyTicketValidator
> [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> [edu.yale.its.tp.cas.client.ServiceTicketValidator
> casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> renew=false]]]
> at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> ... 26 more
> Caused by: java.net.ConnectException: Connection refused
> at java.net.PlainSocketImpl.socketConnect(Native Method)
> at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
> ....
>
>
> --
> Best Regards,
>  Dmitry Kochelaev
>  Technical Leader, eVelopers corp.
> _______________________________________________
> Yale CAS mailing list
> [hidden email]
> http://tp.its.yale.edu/mailman/listinfo/cas
>
_______________________________________________
Yale CAS mailing list
[hidden email]
http://tp.its.yale.edu/mailman/listinfo/cas
Reply | Threaded
Open this post in threaded view
|

Re: SSL Issue again

Dmitry Kochelaev
No, there are no proxies. However, there is an Apache and all requests
to my JBoss go through it.
Do you happen to know what certificates and where should I generate?

On Nov 28, 2007 2:48 PM, Matteo Matteo <[hidden email]> wrote:

> Do you have any proxy in between? Because I'm not sure at the moment that it is SSL issuer. I've installed CAS server on 2 PCs, one is behind a firewall (with opened HTTP and SSL ports) and the second - in intranet. On the third PC is client application. I've imported there (to $JAVA_HOME/JRE/lib/security/cacerts) both certificates from both servers, but it works only with a CAS server in intranet, otherwise I get the same error message (connection refused) upon ticket validation. (see previouse message in queue).
> Ciao
>
>
>
> -----Original Message-----
> From: "Dmitry Kochelaev" <[hidden email]>
> To: "Yale CAS mailing list" <[hidden email]>
> Date: Wed, 28 Nov 2007 13:45:35 +0300
> Subject: SSL Issue again
>
> >
> > Dear all,
> >
> > I'm trying to use CAS together with Liferay. I have setup it on my
> > local machine (to setup SSL I've created a certificate for localhost)
> > and it works fine. Now I'm trying to setup it on test server
> > (test.evelopers.com). So I've created a certificate for host
> > test.evelopers.com, but while verifying the ticket it fails with
> > following exception. What can the problem be in?
> >
> > 2007-11-28 13:36:43,925 INFO  [STDOUT] 13:36:43,925 ERROR [CASReceipt]
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> > ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> > service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> > renew=false]]]
> > 2007-11-28 13:36:43,926 INFO  [STDOUT] 13:36:43,926 ERROR [CASFilter]
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> > ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> > service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> > renew=false]]]
> > 2007-11-28 13:36:43,930 INFO  [STDOUT] 13:36:43,928 ERROR [CASFilter]
> > javax.servlet.ServletException:
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://nxp.evelopers.com/cas-web/proxyValidate]
> > ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> > service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> > renew=false]]]
> > javax.servlet.ServletException:
> > edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
> > validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> > ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> > service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> > renew=false]]]
> >       at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
> >       at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilter.java:93)
> >       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> >       ....
> > Caused by: edu.yale.its.tp.cas.client.CASAuthenticationException:
> > Unable to validate ProxyTicketValidator
> > [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
> > [edu.yale.its.tp.cas.client.ServiceTicketValidator
> > casValidateUrl=[https://test.evelopers.com/cas-web/proxyValidate]
> > ticket=[ST-2-Vt4bNAfm6vsULHrwyakpaRZ4vplFOr4BdiU-20]
> > service=[http%3A%2F%2Ftest.evelopers.com%2Fc%2Fportal%2Flogin]
> > renew=false]]]
> >       at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
> >       at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
> >       at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
> >       ... 26 more
> > Caused by: java.net.ConnectException: Connection refused
> >       at java.net.PlainSocketImpl.socketConnect(Native Method)
> >       at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333)
> >       ....
> >
> >
> > --
> > Best Regards,
> >  Dmitry Kochelaev
> >  Technical Leader, eVelopers corp.
> > _______________________________________________
> > Yale CAS mailing list
> > [hidden email]
> > http://tp.its.yale.edu/mailman/listinfo/cas
> >
> _______________________________________________
> Yale CAS mailing list
> [hidden email]
> http://tp.its.yale.edu/mailman/listinfo/cas
>



--
Best Regards,
 Dmitry Kochelaev
 Technical Leader, eVelopers corp.
_______________________________________________
Yale CAS mailing list
[hidden email]
http://tp.its.yale.edu/mailman/listinfo/cas
Reply | Threaded
Open this post in threaded view
|

Re: SSL Issue again

anithathota
This post has NOT been accepted by the mailing list yet.
In reply to this post by Dmitry Kochelaev