Hello, did you hijack that topic or is it related to that? If it’s a new topic, please start a new thread with an according subject.
Thanks!

> -----Original Message-----
> From: Jasmin Ćatić <jasmin.cati...@gmail.com>
> Sent: Friday, 15 July 2022 10:56
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
>
> Hello,
>
> Can someone please give me a step by step guide on how to make my
> tomcat webapp available online with a domain name.
> Thanks.
>
> Regards,
> JC
>
> On Wed, 13 Jul 2022 at 18:31, <jonmcalexan...@wellsfargo.com.invalid> wrote:
>
> > Could this potentially be caused by
> > <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
> >
> > But not using Tomcat Native?
> >
> > Thanks,
> >
> > Dream * Excel * Explore * Inspire
> > Jon McAlexander
> > Senior Infrastructure Engineer
> > Asst. Vice President
> > He/His
> >
> > Middleware Product Engineering
> > Enterprise CIO | EAS | Middleware | Infrastructure Solutions
> >
> > 8080 Cobblestone Rd | Urbandale, IA 50322
> > MAC: F4469-010
> > Tel 515-988-2508 | Cell 515-988-2508
> >
> > jonmcalexan...@wellsfargo.com
> > This message may contain confidential and/or privileged information.
> > If you are not the addressee or authorized to receive this for the
> > addressee, you must not use, copy, disclose, or take any action based
> > on this message or any information herein. If you have received this
> > message in error, please advise the sender immediately by reply e-mail
> > and delete this message. Thank you for your cooperation.
> >
> > > -----Original Message-----
> > > From: Thomas Hoffmann (Speed4Trade GmbH) <thomas.hoffm...@speed4trade.com.INVALID>
> > > Sent: Wednesday, July 13, 2022 11:28 AM
> > > To: Tomcat Users List <users@tomcat.apache.org>
> > > Subject: AW: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > >
> > > Hello,
> > >
> > > > -----Original Message-----
> > > > From: jonmcalexan...@wellsfargo.com.INVALID <jonmcalexan...@wellsfargo.com.INVALID>
> > > > Sent: Wednesday, 13 July 2022 18:17
> > > > To: users@tomcat.apache.org
> > > > Subject: RE: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > > >
> > > > Here is the error we are getting. The login form, hosted by
> > > > Tomcat, does a POST to the /login/login.fcc for siteminder which
> > > > is on the HTTPD server and is not behind the proxypass or proxypassreverse.
> > > >
> > > > javax.net.ssl|DEBUG|96|https-jsse-nio-8305-exec-1|2022-07-12
> > > > 13:12:49.399
> > > > PDT|SSLSocketImpl.java:1615|close the SSL connection (passive)
> > > > PDT|<class>
> > > > PDT|12
> > > > Jul 2022 13:12:49,399 ERROR [https-jsse-nio-8305-exec-1]: DEVT:
> > > > <app> Unable to get Channel Secure Session: Unable to perform
> > > > siteminder handshake
> > > > java.lang.Exception: Unable to perform siteminder handshake
> > > >
> > > > Our SiteMinder team is telling us it's not their issue. Again,
> > > > this POST worked fine when using mod_jk and SSL wasn't enabled for
> > > > connection on Tomcat.
> > > >
> > > > Thanks,
> > > >
> > >
> > > This error message is most likely thrown by the application and not
> > > by tomcat.
> > > The underlying error would be important including the full stack below.
> > > Are there some "caused by" Exceptions below?
> > > Otherwise the siteminder application is hiding the underlying Exception.
> > > >
> > > > > -----Original Message-----
> > > > > From: jonmcalexan...@wellsfargo.com.INVALID <jonmcalexan...@wellsfargo.com.INVALID>
> > > > > Sent: Tuesday, July 12, 2022 5:22 PM
> > > > > To: users@tomcat.apache.org
> > > > > Subject: RE: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > > > >
> > > > > I'm wondering if it is having to do with the SMSESSION cookie
> > > > > not getting passed correctly. Still trying to figure this one out.
> > > > >
> > > > > Thanks,
> > > > >
> > > > > > -----Original Message-----
> > > > > > From: Christopher Schultz <ch...@christopherschultz.net>
> > > > > > Sent: Tuesday, July 12, 2022 9:16 AM
> > > > > > To: users@tomcat.apache.org
> > > > > > Subject: Re: [OT] issues with Tomcat to Siteminder communication post mod-proxy setup
> > > > > >
> > > > > > Jon,
> > > > > >
> > > > > > On 7/8/22 16:48, jonmcalexan...@wellsfargo.com.INVALID wrote:
> > > > > > > Chris,
> > > > > > >
> > > > > > > Moving this discussion to here. Yes, it appears that I broke
> > > > > > > something when setting up the Tomcat Connector for the mod-proxy
> > > > > > > that is now affecting, somehow, the SSL communication with the
> > > > > > > Site Minder services. Here is the connector we added below.
> > > > > >
> > > > > > The only reason I can think of that would cause your Tomcat
> > > > > > TLS connector configuration to affect your SiteMinder thing is
> > > > > > if you are trying to specify the javax.net.ssl.trustStore
> > > > > > system property for the entire JVM, and allowing Tomcat to inherit that.
> > > > > >
> > > > > > > Temporarily have set certificateVerification to optional to
> > > > > > > see if it was something with the communication between HTTPD
> > > > > > > and Tomcat.
> > > > > > >
> > > > > > > <Connector port="8305"
> > > > > > >     protocol="org.apache.coyote.http11.Http11NioProtocol"
> > > > > > >     maxThreads="100"
> > > > > > >     compression="on" scheme="https" SSLEnabled="true" secure="true">
> > > > > > >
> > > > > > >   <SSLHostConfig protocols="TLSv1.2"
> > > > > > >       certificateVerification="optional" truststoreFile="" truststorePassword=""
> > > > > > >       truststoreType="JKS"
> > > > > > >       ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
> > > > > >
> > > > > > Assuming truststoreFile is not actually _blank_, then this should be fine.
> > > > > >
> > > > > > >       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
> > > > > > >       TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
> > > > > > >       TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
> > > > > > >       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
> > > > > > >       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
> > > > > > >       TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
> > > > > > >       TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,
> > > > > > >       TLS_DHE_RSA_WITH_AES_128_CCM,
> > > > > > >       TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
> > > > > > >       TLS_DHE_RSA_WITH_AES_128_CCM_8,
> > > > > > >       TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
> > > > > > >       TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
> > > > > > >       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
> > > > > > >       TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256">
> > > > > > >
> > > > > > >     <Certificate Type="RSA" certificateKeystoreFile="<certificate>.pfx"
> > > > > > >         certificateKeystorePassword="" certificateKeystoreType="pkcs12"
> > > > > > >     />
> > > > > >
> > > > > > Note: none of the TLS_XXX_ECDSA_* cipher suites will do
> > > > > > anything for you, since you are using only an RSA key.
> > > > > >
> > > > > > Is your SiteMinder client code using its own special trust
> > > > > > store and key store?
> > > > > > If you are getting a handshake failure (mentioned in your
> > > > > > message to dev@httpd but not here yet: "javax.net.ssl.SSLHandshakeException:
> > > > > > Received fatal alert: bad_certificate error"), you might want
> > > > > > to start looking there. The problem is very unlikely to be
> > > > > > your Tomcat configuration or anything related to it, unless
> > > > > > you use the same key store and trust store for both.
> > > > > >
> > > > > > -chris
> > > > > >
> > > > > > ---------------------------------------------------------------------
> > > > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> > > > > > For additional commands, e-mail: users-h...@tomcat.apache.org
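
Added example, not part of the thread and not Tomcat project code: a small lint for the two review points quoted above, namely cipher suites whose authentication algorithm has no matching `<Certificate>` key type, and `certificateVerification` enabled while `truststoreFile` is blank. The function name `lint_connector`, the closed and shortened sample connector, and the `example.pfx` keystore name are assumptions made for illustration; the suite check is a name-based heuristic for TLS 1.2 suites.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the connector quoted in the thread, closed so it parses,
# with a shortened cipher list and a placeholder keystore name.
SAMPLE = """
<Connector port="8305" protocol="org.apache.coyote.http11.Http11NioProtocol"
           scheme="https" SSLEnabled="true" secure="true">
  <SSLHostConfig protocols="TLSv1.2" certificateVerification="optional"
                 truststoreFile="" truststoreType="JKS"
                 ciphers="TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
                          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
                          TLS_DHE_DSS_WITH_AES_128_GCM_SHA256">
    <Certificate Type="RSA" certificateKeystoreFile="example.pfx"
                 certificateKeystoreType="pkcs12" />
  </SSLHostConfig>
</Connector>
"""

# Authentication token in a TLS 1.2 suite name -> certificate key type it needs.
AUTH_TO_KEY = {"_RSA_": "RSA", "_ECDSA_": "EC", "_DSS_": "DSA"}


def lint_connector(xml_text):
    """Return (unusable_suites, warnings) for one <Connector> element."""
    unusable, warnings = [], []
    for host in ET.fromstring(xml_text).iter("SSLHostConfig"):
        # Attribute name matched case-insensitively ("Type" in the thread).
        key_types = {v.upper() for cert in host.iter("Certificate")
                     for k, v in cert.attrib.items() if k.lower() == "type"}
        for suite in host.get("ciphers", "").replace(",", " ").split():
            needed = next((t for tok, t in AUTH_TO_KEY.items() if tok in suite), None)
            # Skip the check when no certificate type is declared at all.
            if needed and key_types and needed not in key_types:
                unusable.append(suite)
        verify = host.get("certificateVerification", "none").lower()
        if verify != "none" and not host.get("truststoreFile", "").strip():
            warnings.append("certificateVerification=%s with blank truststoreFile" % verify)
    return unusable, warnings


if __name__ == "__main__":
    suites, notes = lint_connector(SAMPLE)
    print("no matching certificate:", suites)
    print("review:", notes)
```
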