Hello,

I created an SSL certificate on the CAS 5.2 server system:
1] keytool -genkey -keyalg RSA -alias thekeystore -keystore thekeystore -storepass changeit -validity 360 -keysize 2048 -ext san=ip:192.168.07.111
2] keytool -export -alias thekeystore -keypass changeit -file cas.crt -keystore thekeystore -storepass changeit
3] keytool -import -file cas.crt -alias thekeystore -keypass changeit -keystore /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/lib/security/cacerts -storepass changeit

I created an SSL certificate on the Apache client system:
1] openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout client.key -out client.crt

How can I connect CAS server 5.2 to the Apache client?

On the Apache client side, I am redirected to the CAS server login page, but
after entering the username and password it shows an "Unauthorized" error page.

Which certificate do I need to pass from the server to the client's /etc/ssl/certs path?

How can I connect the server and client to each other?

Thanks and Regards
Arti
On Thursday, March 25, 2021 at 10:20:22 PM UTC+5:30 Ray Bon wrote:

> Arti,
>
> 'subject alternative name' is part of your SSL certificate.
> See
> https://apereo.github.io/cas/6.3.x/installation/Troubleshooting-Guide.html#no-subject-alternative-names
> for some troubleshooting.
>
> Ray
>
> On Thu, 2021-03-25 at 04:23 -0700, arti wavale wrote:
>
> Hello,
>
> I am facing the same issue, so can you tell me how you created the
> certificate and share your admusers.properties file?
>
> ISSUE:
> CAS is unable to process this request: "500:Internal Server Error"
>
> org.pac4j.core.exception.TechnicalException: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: No subject alternative names present
>     at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:170)
>     at org.pac4j.springframework.web.SecurityInterceptor.preHandle(SecurityInterceptor.java:65)
>     at org.pac4j.springframework.web.SecurityInterceptor$$FastClassBySpringCGLIB$$efdcf9fe.invoke(<generated>)
>     at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
>     at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
>     at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:133)
>     at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:121)
>     at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
>     at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
>     at org.pac4j.springframework.web.SecurityInterceptor$$EnhancerBySpringCGLIB$$577bc7b.preHandle(<generated>)
>     at org.apereo.cas.config.CasSecurityContextConfiguration$CasAdminStatusInterceptor.preHandle(CasSecurityContextConfiguration.java:155)
>     at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:133)
>     at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:962)
>     at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
>     at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
>     at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:861)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>     at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
>     at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.web.support.AuthenticationCredentialsLocalBinderClearingFilter.doFilter(AuthenticationCredentialsLocalBinderClearingFilter.java:28)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:261)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.security.ResponseHeadersEnforcementFilter.doFilter(ResponseHeadersEnforcementFilter.java:245)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:111)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.cas.logging.web.ThreadContextMDCServletFilter.doFilter(ThreadContextMDCServletFilter.java:93)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:117)
>     at org.springframework.boot.web.support.ErrorPageFilter.access$000(ErrorPageFilter.java:61)
>     at org.springframework.boot.web.support.ErrorPageFilter$1.doFilterInternal(ErrorPageFilter.java:92)
>     at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
>     at org.springframework.boot.web.support.ErrorPageFilter.doFilter(ErrorPageFilter.java:110)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apereo.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:66)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.logging.log4j.web.Log4jServletFilter.doFilter(Log4jServletFilter.java:71)
>     at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
>     at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
>     at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
>     at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
>     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
>     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
>     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
>     at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678)
>     at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:747)
>     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
>     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
>     at org.apache.coyote.http2.StreamProcessor.service(StreamProcessor.java:324)
>     at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
>     at org.apache.coyote.http2.StreamProcessor.process(StreamProcessor.java:69)
>     at org.apache.coyote.http2.StreamRunnable.run(StreamRunnable.java:35)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
>     at java.lang.Thread.run(Thread.java:748)
> Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: No subject alternative names present
>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:458)
>     at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41)
>     at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193)
>     at org.pac4j.cas.credentials.authenticator.CasAuthenticator.validate(CasAuthenticator.java:62)
>     at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:68)
>     at org.pac4j.cas.client.direct.DirectCasClient.retrieveCredentials(DirectCasClient.java:37)
>     at org.pac4j.core.client.DirectClient.getCredentials(DirectClient.java:44)
>     at org.pac4j.core.engine.DefaultSecurityLogic.perform(DefaultSecurityLogic.java:115)
>     ... 90 more
> Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names present
>     at sun.security.ssl.Alert.createSSLException(Alert.java:131)
>     at sun.security.ssl.TransportContext.fatal(TransportContext.java:324)
>     at sun.security.ssl.TransportContext.fatal(TransportContext.java:267)
>     at sun.security.ssl.TransportContext.fatal(TransportContext.java:262)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
>     at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:377)
>     at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
>     at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:422)
>     at sun.security.ssl.TransportContext.dispatch(TransportContext.java:182)
>     at sun.security.ssl.SSLTransport.decode(SSLTransport.java:149)
>     at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1143)
>     at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1054)
>     at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:394)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570)
>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:268)
>     at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:444)
>     ... 97 more
> Caused by: java.security.cert.CertificateException: No subject alternative names present
>     at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:156)
>     at sun.security.util.HostnameChecker.match(HostnameChecker.java:100)
>     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:457)
>     at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:431)
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:230)
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
>     at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:638)
>     ... 113 more
>
> On Tuesday, February 6, 2018 at 11:42:35 PM UTC+5:30 Carlos Eduardo Santos 
> wrote:
>
> Thank you gentlemen for all the help. Thank you David !
> I was able to solve the certificate problem, I had problem with 
> admusers.properties but I was able to resolve and access the dashboard.
> As a solution, I had to create a new certificate with the domain 
> certificates we have, following the steps of the excellent documentation 
> provided by David.
> Now I'm accessing the dashboard and other options and also cas-management.
>
> Thank you one more time !!
>
> On Friday, February 2, 2018 at 10:54:00 UTC-2, Carlos Eduardo Santos wrote:
>
> /status/dashboard - Page not found.
> Hello everyone, I have been trying to configure the CAS server for a few 
> days (following all the information from "the new school"). The information 
> is very clear, but I could not access anything ahead of /status/.
> To the status page I can visualize the dashboard, for example, nothing.
> Below the configuration of cas.properties
>
> cas.server.name=http://xxxxxxxxxxxxxx
> cas.server.prefix=${server.name}/cas
> cas.tgc.secure=true
> cas.tgc.encryptionKey=DCETkZ33-A7TETvjgZ24J_o2xQkyQxc0FCFa725ubnY
> cas.tgc.signingKey=8y-RtN0Ny3VF9DAkNQPvIeXXkHtTetFu9bEcG5G7F95ckmSdvE9ZdMSbVCRvBEmwJv_Bbr7wBIfsCrXdo-IytQ
> cas.webflow.crypto.signing.key=J4qjH74TlZY5Ic6GTnblZbwKN4Ye1mBuMEr-a3_DNpakNbmkX0LUmXGQ30oetbf8N_dNXsG_rdjWyXUOen1mEA
> cas.webflow.crypto.encryption.key=dE1URfP5K6nvFtnUgBppQw==
> cas.authn.accept.users=
> logging.config=file:/etc/cas/config/log4j2.xml
> cas.serviceRegistry.config.location=file:/etc/cas/services
> cas.authn.accept.users=
> cas.authn.ldap[0].order=0
> cas.authn.ldap[0].name=Active Directory
> cas.authn.ldap[0].type=AUTHENTICATED
> cas.authn.ldap[0].ldapUrl=ldap://10.1.0.48:389
> cas.authn.ldap[0].userFilter=sAMAccountName={user}
> cas.authn.ldap[0].useSsl=false
> cas.authn.ldap[0].baseDn=OU=CNANET,DC=cna,DC=org,DC=br
> cas.authn.ldap[0].dnFormat=uid=%s,ou=people,dc=example,dc=org
> cas.authn.ldap[0].subtreeSearch=true
> cas.authn.ldap[0].bindDn=cn=xxxxx,cn=Users,dc=xxx,dc=org,dc=br
> cas.authn.ldap[0].bindCredential=xxxxxxx
> cas.adminPagesSecurity.actuatorEndpointsEnabled=true
> cas.monitor.endpoints.enabled=true
> endpoints.enabled=true
> cas.adminPagesSecurity.ip=^10\\.1\\.(3\\.[0-9]{1,3}|0\\.[12]0)$
> cas.monitor.endpoints.sensitive=false
> endpoints.sensitive=false
> cas.adminPagesSecurity.loginUrl=${cas.server.prefix}/login
> cas.adminPagesSecurity.service=${cas.server.prefix}/status/dashboard
> cas.adminPagesSecurity.users=file:/etc/cas/config/admusers.properties
> cas.adminPagesSecurity.adminRoles[0]=ROLE_ADMIN
> ##############
> I'm trying to free cas.adminPagesSecurity.ip for the 10.1.3.0/24 network,
> but I do not know if that's the right way.
> I've tried to follow another topic that talks about it but without success.
> Please, can someone help me !!!
> Thank you.
>
>
>
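
Added example, not part of the thread and not CAS project code: the HostnameChecker.matchIP frame in the trace above shows the client was validating an IP address, which only an iPAddress entry in the certificate's subject alternative name can satisfy. The script below runs the same kind of check with `openssl x509 -checkip` / `-checkhost`; the function names, file names and sample addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: does a certificate cover the host used in the CAS URL?
# Function names and sample values are constructed for illustration.

# is_ip_literal HOST: succeed if HOST is an IPv4 dotted quad or contains ':'.
is_ip_literal() {
  case "$1" in
    *:*) return 0 ;;              # IPv6 literal
    ""|*[!0-9.]*) return 1 ;;     # empty, or has non-digit characters: DNS name
    *.*.*.*) return 0 ;;          # four dot-separated numeric fields
    *) return 1 ;;
  esac
}

# cert_covers_host CERT HOST: succeed if CERT is valid for HOST.
# Reads PEM, or the binary DER that `keytool -export` writes without -rfc.
cert_covers_host() {
  cch_form=DER
  cch_flag=-checkhost
  if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then cch_form=PEM; fi
  if is_ip_literal "$2"; then cch_flag=-checkip; fi
  openssl x509 -in "$1" -inform "$cch_form" -noout "$cch_flag" "$2" |
    grep -q 'does match certificate'
}

# make_test_cert PREFIX CN [SAN]: throwaway self-signed certificate.
# -addext needs OpenSSL 1.1.1 or newer.
make_test_cert() {
  if [ -n "${3:-}" ]; then
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=$2" \
      -keyout "$1.key" -out "$1.crt" -addext "subjectAltName=$3" 2>/dev/null
  else
    openssl req -x509 -nodes -newkey rsa:2048 -days 1 -subj "/CN=$2" \
      -keyout "$1.key" -out "$1.crt" 2>/dev/null
  fi
}

# demo: CN-only certificate vs. one with an iPAddress SAN (constructed values).
demo() {
  d=$(mktemp -d) || return 1
  make_test_cert "$d/cn-only" 192.168.7.111
  make_test_cert "$d/with-san" cas "IP:192.168.7.111"
  for c in cn-only with-san; do
    if cert_covers_host "$d/$c.crt" 192.168.7.111; then
      echo "$c: covers 192.168.7.111"
    else
      echo "$c: does NOT cover 192.168.7.111 (a client connecting by IP rejects it)"
    fi
  done
  rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Running `cert_covers_host cas.crt <address used in the CAS URL>` on the exported server certificate before importing it into a client trust store shows whether the name check will pass.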
