I started my journey by creating a new web project in eclipse and configured the web xml according to the
CAS Java Client procedure. I basically pointed to an apache2 load balancer for a tomcat cluster where the CAS deployment was running.
I immediately ran into problems with the following error:
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This error occured because the certificate being referenced was not in my JRE's keystore. I was able to resolve following the procedure at
dreamingthings blog.
I was not thru yet. I then got this error:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names present
This error arose since I was using the IP address of the server in the CAS authentication URL. While I had used the IP for the Common Name (
CN) entry while generating the certificate, this
sun forum answer by user
ejp discourages that.
I finally
regenerated the self signed certificate, making sure that I used the hostname for the
CN entry. There were no more errors after that :)
My next post should be on getting ZK to show the CAS username saved in the session.
