I UNDERSTAND. Ok...trying that now...thanks! Jen
On Fri, May 18, 2018 at 11:48 AM, Ray Bon <[email protected]> wrote: > Jen, > > You will need to install custom certs on both sides (CAS and > cas-management). The jvm is responsible for certificate processing, tomcat > only needs to know where it is to send it to the browser. > > sudo keytool -import -file ${certName} -alias ${aliasName} -keystore > $JAVA_HOME/jre/lib/security/cacerts > > https://apereo.github.io/cas/developer/Build-Process-5X.html#configure-ssl > > Ray > > On Fri, 2018-05-18 at 08:20 -0700, Jennifer LaVoie wrote: > > Yes. I understand the distinction...I was typing quickly :) > > I do get an error in my cas-management log about ssl - but my regular > /cas/login link loads just fine (self signed cert on this particular server) > > Caused by: sun.security.validator.ValidatorException: PKIX path building > failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) > ~[?:1.8.0_171] > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) > ~[?:1.8.0_171] > at sun.security.validator.Validator.validate(Validator.java:260) > ~[?:1.8.0_171] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[?:1.8.0_171] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > ~[?:1.8.0_171] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > ~[?:1.8.0_171] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) > ~[?:1.8.0_171] > at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > ~[?:1.8.0_171] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) > ~[?:1.8.0_171] > at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) > ~[?:1.8.0_171] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) > ~[?:1.8.0_171] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) > ~[?:1.8.0_171] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) > ~[?:1.8.0_171] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) > ~[?:1.8.0_171] > at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) > ~[?:1.8.0_171] > at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect( > AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_171] > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) > ~[?:1.8.0_171] > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) > ~[?:1.8.0_171] > at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream( > HttpsURLConnectionImpl.java:263) ~[?:1.8.0_171] > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431) > ~[cas-client-core-3.4.1.jar:3.4.1] > at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTic > ketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) > ~[cas-client-core-3.4.1.jar:3.4.1] > at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidato > r.validate(AbstractUrlBasedTicketValidator.java:193) > ~[cas-client-core-3.4.1.jar:3.4.1] > at > org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:61) > ~[pac4j-cas-2.2.0.jar:?] > at > org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68) > ~[pac4j-cas-2.2.0.jar:?] > at > org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37) > ~[pac4j-cas-2.2.0.jar:?] > at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44) > ~[pac4j-core-2.2.0.jar:?] > at > org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:113) > ~[pac4j-core-2.2.0.jar:?] > ... 72 more > Caused by: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target > at sun.security.provider.certpath.SunCertPathBuilder. > build(SunCertPathBuilder.java:141) ~[?:1.8.0_171] > at > sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) > ~[?:1.8.0_171] > at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) > ~[?:1.8.0_171] > at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) > ~[?:1.8.0_171] > at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) > ~[?:1.8.0_171] > at sun.security.validator.Validator.validate(Validator.java:260) > ~[?:1.8.0_171] > at > sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) > ~[?:1.8.0_171] > at > sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) > ~[?:1.8.0_171] > at > sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) > ~[?:1.8.0_171] > at > sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596) > ~[?:1.8.0_171] > at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) > ~[?:1.8.0_171] > at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) > ~[?:1.8.0_171] > at sun.security.ssl.Handshaker.process_record(Handshaker.java:987) > ~[?:1.8.0_171] > at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072) > ~[?:1.8.0_171] > at > sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385) > ~[?:1.8.0_171] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413) > ~[?:1.8.0_171] > at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397) > ~[?:1.8.0_171] > at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) > ~[?:1.8.0_171] > at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect( > AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_171] > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1564) > ~[?:1.8.0_171] > at > sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1492) > ~[?:1.8.0_171] > at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream( > HttpsURLConnectionImpl.java:263) ~[?:1.8.0_171] > at > org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:431) > ~[cas-client-core-3.4.1.jar:3.4.1] > at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTic > ketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) > ~[cas-client-core-3.4.1.jar:3.4.1] > at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidato > r.validate(AbstractUrlBasedTicketValidator.java:193) > ~[cas-client-core-3.4.1.jar:3.4.1] > at > org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:61) > ~[pac4j-cas-2.2.0.jar:?] > at > org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68) > ~[pac4j-cas-2.2.0.jar:?] > at > org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37) > ~[pac4j-cas-2.2.0.jar:?] > at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44) > ~[pac4j-core-2.2.0.jar:?] > at > org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:113) > ~[pac4j-core-2.2.0.jar:?] > > > On Thursday, May 17, 2018 at 4:16:06 PM UTC-4, rbon wrote: > > Jen, > > I think you mean a cas-management error and not 'CAS error'. > Are CAS and cas-management running on the same tomcat? > Logging config for cas-management is in log4j2-management.xml which also > introduces cas-management.log. > > Ray > > On Thu, 2018-05-17 at 12:55 -0700, Jennifer LaVoie wrote: > > > nothing helpful in cas.log or catalina.out that I can see > > it seems to be CAS error because the leaf is on the tab and above the > error that I posted it says > > Cas Service Management > > Jen > > On Thursday, May 17, 2018 at 3:44:27 PM UTC-4, David Curry wrote: > > Haven't seen that one, that I can recall. > > Is that a CAS error (shows in a CAS-branded web page) or a Tomcat error? > > Do the logs (cas.log and/or catalina.out) say anything helpful? > > > > -- > > DAVID A. CURRY, CISSP > *DIRECTOR OF INFORMATION SECURITY* > INFORMATION TECHNOLOGY > > 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 > <https://maps.google.com/?q=71+FIFTH+AVE.,+9TH+FL.,+NEW+YORK,+NY+10003&entry=gmail&source=g> > +1 212 229-5300 x4728 • [email protected] > > [image: The New School] > > On Thu, May 17, 2018 at 3:40 PM, Jennifer LaVoie <[email protected]> > wrote: > > I updated the management.properties file with some ports specifically > defined. And that is now working as expected... > > However, I get this > > The CAS management webapp is unavailable. > > There was an error trying to complete your request. Please notify your > support desk or try again. > > > > > > On Thursday, May 17, 2018 at 3:18:42 PM UTC-4, Jennifer LaVoie wrote: > > So I have followed all the steps here > > https://dacurry-tns.github.io/deploying-apereo-cas/building_ > svcmgmt_configure-webapp-properties.html > > (awesome site) > > And when I try to go to > > https://cashost:8443/cas-management > > I am redirected to here > > https://casserver.herokuapp.com/cas/login?service=https%3A% > 2F%2Fcashost%3A8443%2Fcas-management%2Fmanage.html > > I have already logged into my cas. > > What config file have I forgotten to change? > > Jen > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ap > ereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e37079 > 5e%40apereo.org > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/53c3f120-14ec-41af-8447-1db0e370795e%40apereo.org?utm_medium=email&utm_source=footer> > . > > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > > -- > Ray Bon > Programmer analyst > Development Services, University Systems > 2507218831 | CLE 019 | [email protected] > > -- > - Website: https://apereo.github.io/cas > - Gitter Chatroom: https://gitter.im/apereo/cas > - List Guidelines: https://goo.gl/1VRrw7 > - Contributions: https://goo.gl/mh7qDG > --- > You received this message because you are subscribed to the Google Groups > "CAS Community" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit https://groups.google.com/a/ > apereo.org/d/msgid/cas-user/1526658503.1817.105.camel%40uvic.ca > <https://groups.google.com/a/apereo.org/d/msgid/cas-user/1526658503.1817.105.camel%40uvic.ca?utm_medium=email&utm_source=footer> > . > -- "Confusion is a word we have invented for an order which is not understood." ~Henry Miller -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bwv1vGDkMzc06bUA1%3DWi2Yx439G6GODbTHPa5bFgBQM%3DhNhsg%40mail.gmail.com.
