CAS certificate issue

[pacificz]

Hi..
I am facing a problem while configuring CAS with my application in local. The description is as below:

Presently we have an application ABC which is deployed on a server using Tomcat.This application authenticates using CAS. The production version is running well and we have no issues. But now I have to make some enhancements in the application and deploy it again.

I have setup the code using eclipse in my PC(WIN XP) and the war file is also ready. As I want to focus on my application only, I tried to reuse the authentication mechanism of CAS of production with my local version of application. I made the necessary changes in web.xml file of my application for CAS. When I run the application in local using http://localhost:8081/dev_abc.. then it successfully redirects to CAS. After entering the ID and password, it should return to my local application war and run the code. But it fails with the exception edu.yale.its.tp.cas.client.CASAuthenticationExcept ion: Unable to validate ProxyTicketValidator and Handshake Exception.

After this I came to know that I should have my cacerts file in Java, updated with the server certificate. I exported the certificate file of CAS server as .cer file and tried the keytool command to include it in my cacerts. It was done fine as per the steps mentioned in different forums. But still it didnt work. I tried again doing the same but then keytool coomand failed with following display:

C:\j2sdk1.4.2_05\bin>keytool -import -file cas.domain.com.cer -alias cas_cert -keypass cas_cert -trustcacerts -keystore C:\Program Files\Java\jdk1.5.0\jre\lib\
security\cacerts
keytool usage:

-certreq [-v] [-alias <alias>] [-sigalg <sigalg>]
[-file <csr_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...

-delete [-v] -alias <alias>
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...

---------------- and other keytool options..

Please help that what exactly needs to be done here and also advice if my approach to use existing CAS of production server is correct or I need to configure CAS too in my local tomcat..

I shall be highly obliged with any suggestions..

Regards.. Prashant

[JosAH]

C:\j2sdk1.4.2_05\bin>keytool -import -file cas.domain.com.cer -alias cas_cert -keypass cas_cert -trustcacerts -keystore C:\Program Files\Java\jdk1.5.0\jre\lib\
security\cacerts
keytool usage:

-certreq [-v] [-alias <alias>] [-sigalg <sigalg>]
[-file <csr_file>] [-keypass <keypass>]
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...

-delete [-v] -alias <alias>
[-keystore <keystore>] [-storepass <storepass>]
[-storetype <storetype>] [-provider <provider_class_name>] ...

---------------- and other keytool options..

You have to quote the last argument because the directory "Program Files" contains a space character.

kind regards,

Jos

[pacificz]

Dear Jos,

Thanks for the reply... since i posted this i tried to resolve the keytool command erroe and it was done... the certificate was also added to the cacerts file successfully..

But still.. the issue is not resolved. As described in my post,I am trying to use the CAS version deployed in server and connecting to my application deployed at local tomcat. Upon hitting the url. http://localhost:8081/appName, it successfully redirects to CAS page.. I then enter my credentials and upon login it should ideally pick the first application page deplyed on localhost. But it throws a ProxyTicketValidator exception..

I am having no clue as to what did I miss to do.

Regards..

[JosAH]

But still.. the issue is not resolved. As described in my post,I am trying to use the CAS version deployed in server and connecting to my application deployed at local tomcat. Upon hitting the url. http://localhost:8081/appName, it successfully redirects to CAS page.. I then enter my credentials and upon login it should ideally pick the first application page deplyed on localhost. But it throws a ProxyTicketValidator exception..

I'm sorry, I can't help you any further; I hardly understand 50% of what you wrote (I know almost nothing about all those certification packages). I wish you all the luck you need; maybe somebody else can help you.

kind regards,

Jos

[DarrylBurke]

Also on
CAS Configuration Problem - Java Programming Forums

db