CAS SSO配置后,客户端请求登陆成功、回跳的时候报错

Hartwell 发布于 2012/03/30 14:47
阅读 8K+
收藏 1

cas server端正常运行,也可以登陆:

client 端的配置:

web.xml:

<filter>
		<filter-name>sso</filter-name>
		<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
			<param-value>https://localho:8443/sso-server/login</param-value>
		</init-param>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
			<param-value>https://localhost:8443/sso-server/serviceValidate</param-value>
		</init-param>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
			<param-value>localho:8088</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>sso</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 现在访问客户端:http://localhost:port/project/自动跳转到https://localhost:8443/cas-server

验证登陆,也登陆成功,也获得了ticket,

但是回跳的时候,就报错了:

http://localhost:8088/castest1/?ticket=ST-2-4y6GgXW9ue3fd0Fg9CL6

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://www.sso-demo.com:8443/sso-server/serviceValidate] ticket=[ST-1-aptbOwbIcCvNn2zw6gtH] service=[http%3A%2F%2Fwww.sso-demo.com%3A8088%2Fcastest1%2F] renew=false]]]
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://www.sso-demo.com:8443/sso-server/serviceValidate] ticket=[ST-1-aptbOwbIcCvNn2zw6gtH] service=[http%3A%2F%2Fwww.sso-demo.com%3A8088%2Fcastest1%2F] renew=false]]]
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:51)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	sun.security.validator.Validator.validate(Validator.java:218)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	sun.security.validator.Validator.validate(Validator.java:218)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.29 logs.

以下是问题补充:

@Hartwell:找其他资料,说不能用localhost和ip,我修改了windows下的hosts文件,添加:www.sso-demo.com,做测试也是相同的报错 (2012/03/30 15:05)
加载中
0
寒兮

你的JDK证书有问题,TOmcat用的JDK和你到证书的JDK是同一个JDK

杨子江
杨子江
这个意识是不能是同一个JDK ,是么?
Hartwell
Hartwell
确实如此,最后把cer证书导入到jre,成功!
0
铂金苍鹰
铂金苍鹰
被骗了,果断记仇
0
ft0603
ft0603

您好,请问tomcat使用的信任证书路径怎么找?

 

 

0
苏睿

ssl证书技术支持中心技术文档 :

http://www.etsec.com.cn/service/guide/

 

返回顶部
顶部