Hello,
I am facing same issue so can you tell me how you created certificate and
share your admusers.properties file once
ISSUE:
CAS is unable to process this request: "500:Internal Server Error"
org.pac4j.core.exception.TechnicalException: java.lang.RuntimeException:
javax.net.ssl.SSLHandshakeException: No subject alternative names present
at
org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:170)
at
org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
at
org.pac4j.springframework.web.SecurityInterceptor$$FastClassBySpringCGLIB$$efdcf9fe.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at
org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
at
org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
at
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at
org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at
org.pac4j.springframework.web.SecurityInterceptor$$EnhancerBySpringCGLIB$$577bc7b.preHandle(<generated>)
at
org.apereo.cas.config.CasSecurityContextConfiguration$CasAdminStatusInterceptor.preHandle(CasSecurityContextConfiguration.java:155)
at
org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
at
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
at
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634) at
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:93)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
at
org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:61)
at
org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:92)
at
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at
org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:110)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at
org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
at
org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:324)
at
org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:69)
at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35) at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748) Caused by:
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: No subject
alternative names present at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:458)
at
org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
at
org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
at
org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:62)
at
org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68)
at
org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37)
at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44)
at
org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:115)
... 90 more Caused by: javax.net.ssl.SSLHandshakeException: No subject
alternative names present at
sun.security.ssl.Alert.createSSLException(Alert.java:131) at
sun.security.ssl.TransportContext.fatal(TransportContext.java:324) at
sun.security.ssl.TransportContext.fatal(TransportContext.java:267) at
sun.security.ssl.TransportContext.fatal(TransportContext.java:262) at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377) at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444) at
sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422) at
sun.security.ssl.TransportContext.dispatch(TransportContext.java:182) at
sun.security.ssl.SSLTransport.decode(SSLTransport.java:149) at
sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143) at
sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394) at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
at
org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:444)
... 97 more Caused by: java.security.cert.CertificateException: No subject
alternative names present at
sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:156) at
sun.security.util.HostnameChecker.match(HostnameChecker.java:100) at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:457)
at
sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:431)
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at
sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
... 113 more
On Tuesday, February 6, 2018 at 11:42:35 PM UTC+5:30 Carlos Eduardo Santos
wrote:
> Thank you gentlemen for all the help. Thank you David !
> I was able to solve the certificate problem, I had problem with
> admusers.properties but I was able to resolve and access the dashboard.
> As a solution, I had to create a new certificate with the domain
> certificates we have, following the steps of the excellent documentation
> provided by David.
> Now I'm accessing the dashboard and other options and also cas-management.
>
> Thank you one more time !!
>
> Em sexta-feira, 2 de fevereiro de 2018 10:54:00 UTC-2, Carlos Eduardo
> Santos escreveu:
>>
>> / status / dashborad - Page not found.
>> Hello everyone, I have been trying to configure the CAS server for a few
>> days (following all the information from "the new school"). The information
>> is very clear, but I could not access anything ahead of / status /.
>> To the status page I can visualize the dashboard, for example, nothing.
>> Below the configuration of cas.properties
>>
>> cas.server.name = http: // xxxxxxxxxxxxxx
>> cas.server.prefix = $ {server.name} / cas
>> cas.tgc.secure = true
>> cas.tgc.encryptionKey = DCETkZ33-A7TETvjgZ24J_o2xQkyQxc0FCFa725ubnY
>> cas.tgc.signingKey =
>> 8y-RtN0Ny3VF9DAkNQPvIeXXkHtTetFu9bEcG5G7F95ckmSdvE9ZdMSbVCRvBEmwJv_Bbr7wBIfsCrXdo-IytQ
>> cas.webflow.crypto.signing.key =
>> J4qjH74TlZY5Ic6GTnblZbwKN4Ye1mBuMEr-a3_DNpakNbmkX0LUmXGQ30oetbf8N_dNXsG_rdjWyXUOen1mEA
>> cas.webflow.crypto.encryption.key = dE1URfP5K6nvFtnUgBppQw ==
>> cas.authn.accept.users =
>> logging.config = file: /etc/cas/config/log4j2.xml
>> cas.serviceRegistry.config.location = file: / etc / cas / services
>> cas.authn.accept.users =
>> cas.authn.ldap [0] .order = 0
>> cas.authn.ldap [0] .name = Active Directory
>> cas.authn.ldap [0] .type = AUTHENTICATED
>> cas.authn.ldap [0] .ldapUrl = ldap: //10.1.0.48:389
>> cas.authn.ldap [0] .userFilter = sAMAccountName = {user}
>> cas.authn.ldap [0] .useSsl = false
>> cas.authn.ldap [0] .baseDn = OU = CNANET, DC = cna, DC = org, DC = br
>> cas.authn.ldap [0] .dnFormat = uid =% s, ou = people, dc = example, dc =
>> org
>> cas.authn.ldap [0] .subtreeSearch = true
>> cas.authn.ldap [0] .bindDn = cn = xxxxx, cn = Users, dc = xxx, dc = org,
>> dc = br
>> cas.authn.ldap [0] .bindCredential = xxxxxxx
>> cas.adminPagesSecurity.actuatorEndpointsEnabled = true
>> cas.monitor.endpoints.enabled = true
>> endpoints.enabled = true
>> cas.adminPagesSecurity.ip = ^ 10 \\. 1 \\. (3 \\. [0-9] {1,3} | 0 \\.
>> [12] 0) $
>> cas.monitor.endpoints.sensitive = false
>> endpoints.sensitive = false
>> cas.adminPagesSecurity.loginUrl = $ {cas.server.prefix} / login
>> cas.adminPagesSecurity.service = $ {cas.server.prefix} / status /
>> dashboard
>> cas.adminPagesSecurity.users = file: /etc/cas/config/admusers.properties
>> cas.adminPagesSecurity.adminRoles [0] = ROLE_ADMIN
>> ##############
>> I'm trying to free cas.adminPagesSecurity.ip for the 10.1.3.0/24
>> network. but I do not know if that's the right way.
>> I've tried to follow another topic that talks about it but without
>> success.
>> Please, can someone help me !!!
>> Thank you.
>>
>
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/apereo.org/d/msgid/cas-user/0d695882-edda-4dfb-b37f-6dc22efa6ed9n%40apereo.org.
