Hello i am trying to integrate shibboleth(shibboleth.internet2.edu) as
a tomcat application.
i am using central authentication
service(http://www.ja-sig.org/products/cas/) as my authentication
system.
when i try to accesses a protected directory by shibboleth, it
redirects me to the cas for login. then redirects me back to the
directory that i once try to access.
BUT
i get a error, that i think is a tomcat error. so hopefully some can
lead me in the correct direction.
here is the full error message:
HTTP Status 500 -
type Exception report
message
description The server encountered an internal error () that prevented
it from fulfilling this request.
exception
javax.servlet.ServletException: Unable to validate
ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator
proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://dhcp193-203.njit.edu/cas/serviceValidate]
ticket=[ST-3-5WMcqBYRfplyqldpc5iW1ALK2WE3gZnXymr-20]
service=[https%3A%2F%2Fdhcp193-203.njit.edu%2Fshibboleth-idp%2FSSO%3Fshire%3Dhttps%253A%252F%252Fsp.testshib.org%252FShibboleth.sso%252FSAML%252FPOST%26time%3D1184773093%26target%3Dcookie%26providerId%3Dhttps%253A%252F%252Fsp.testshib.org%252Fshibboleth%252Ftestshib%252Fsp]
renew=false]]]
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
root cause
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to
validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null]
[edu.yale.its.tp.cas.client.ServiceTicketValidator
casValidateUrl=[https://dhcp193-203.njit.edu/cas/serviceValidate]
ticket=[ST-3-5WMcqBYRfplyqldpc5iW1ALK2WE3gZnXymr-20]
service=[https%3A%2F%2Fdhcp193-203.njit.edu%2Fshibboleth-idp%2FSSO%3Fshire%3Dhttps%253A%252F%252Fsp.testshib.org%252FShibboleth.sso%252FSAML%252FPOST%26time%3D1184773093%26target%3Dcookie%26providerId%3Dhttps%253A%252F%252Fsp.testshib.org%252Fshibboleth%252Ftestshib%252Fsp]
renew=false]]]
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
sun.net.www.protocol.https.HttpsClient.afterConnect (
HttpsClient.java:402)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (
AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream (
HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.validator.PKIXValidator.doBuild (
PKIXValidator.java:221)
sun.security.validator.PKIXValidator.engineValidate (
PKIXValidator.java:145)
sun.security.validator.Validator.validate (
Validator.java:203)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
sun.net.www.protocol.https.HttpsClient.afterConnect (
HttpsClient.java:402)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (
AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream (
HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
root cause
sun.security.provider.certpath.SunCertPathBuilderException: unable to
find valid certification path to requested target
sun.security.provider.certpath.SunCertPathBuilder.engineBuild (
SunCertPathBuilder.java:236)
java.security.cert.CertPathBuilder.build (
CertPathBuilder.java:194)
sun.security.validator.PKIXValidator.doBuild (
PKIXValidator.java:216)
sun.security.validator.PKIXValidator.engineValidate (
PKIXValidator.java:145)
sun.security.validator.Validator.validate (
Validator.java:203)
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:172)
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(SSLContextImpl.java:320)
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:841)
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
sun.net.www.protocol.https.HttpsClient.afterConnect (
HttpsClient.java:402)
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (
AbstractDelegateHttpsURLConnection.java:166)
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:934)
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream (
HttpsURLConnectionImpl.java:234)
edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
note The full stack trace of the root cause is available in the Apache
Tomcat/5.5.23 logs.
Apache Tomcat/5.5.23
---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)
