Beta
Nuxeo Answers
ask a question

Nuxeo 5.5 + SSO Cas installation problem

0

With a fresh installation of Nuxeo 5.5, I want to authenticate users with CAS. I follow tutorials and forum about installation of this module.

When I connect to Nuxeo, I come to CAS login form. But when form is submit, my browser show this error.

Erreur 310 (net::ERR_TOO_MANY_REDIRECTS) : Trop de redirections

The log of Tomcat is follow :

2012-07-06 14:56:27,542 DEBUG [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] serviceUrl: https://cas.myserver.com/cas/serviceValidate

2012-07-06 14:56:27,570 ERROR [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] checkCasTicket failed with IOException:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1337)

I have import my certificat to a private keystore that I have mentionned in file nuxeoctl.bat. I add these arguments to command line : "-Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=cas.cacerts -Djavax.net.ssl.keyStorePassword=password". But I have alway the same result.

How can I configure CAS properly in order to authenticate users with it ?

How can I show what keystore it is used ?

Thank's in advance
asked Jul 06 '12 at 15:57 laurent13 6222 laurent13's gravatar image
2 Answers
oldestnewestmost voted
0

I copy the exception to google and I found that: https://blogs.oracle.com/gc/entry/unable_to_find_valid_certification

This means the CAS server is httpsified and the certificate is not trusted by your JVM. So you must add the certificate to the trust store. If I'm right :D

regards,
link
answered Jul 10 '12 at 12:21 bjalon ♦♦ 2.9k203258 bjalon's gravatar image
0

Thank's bjalon for your answer.

I have already add certificate to a personal trust store and path of this trust store in nuxeo configuration. But errors was always the same.

I finally found what trust store Java runtime use and modify it. The problem was solved now.
link
answered Jul 13 '12 at 14:50 laurent13 6222 laurent13's gravatar image
Your answer
toggle preview

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×561

Asked: Jul 06 '12 at 15:57

Seen: 458 times

Last updated: Jul 13 '12 at 14:50

Related questions

Where is the Nuxeo 5.5 mail components documentation?

Why this error occurs in automation chain when use Query operation?

Alternating row colors in the Nuxeo content view table

Access to default repository via WebEngine

Nuxeo and JRebel hot deployment

Is it possible to track the document's download from maybe the section area?

how migrate data postgres 8.4 to 9.1

How can I have a dashboard that cannot be modifed by users?

Can't log in to Nuxeo Platform 5.5 after installing all hotfixes in a row

Is it possible to know if a particular permission is grant anywhere in Nuxeo?