Nuxeo 5.5 + SSO Cas installation problem
With a fresh installation of Nuxeo 5.5, I want to authenticate users with CAS. I follow tutorials and forum about installation of this module.
When I connect to Nuxeo, I come to CAS login form. But when form is submit, my browser show this error.
Erreur 310 (net::ERR_TOO_MANY_REDIRECTS) : Trop de redirections
The log of Tomcat is follow :
2012-07-06 14:56:27,542 DEBUG [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] serviceUrl: https://cas.myserver.com/cas/serviceValidate 2012-07-06 14:56:27,570 ERROR [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] checkCasTicket failed with IOException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1337)
I have import my certificat to a private keystore that I have mentionned in file nuxeoctl.bat. I add these arguments to command line : “-Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=cas.cacerts -Djavax.net.ssl.keyStorePassword=password”. But I have alway the same result.
How can I configure CAS properly in order to authenticate users with it ?
How can I show what keystore it is used ?
Thank's in advance
I copy the exception to google and I found that: https://blogs.oracle.com/gc/entry/unable_to_find_valid_certification
This means the CAS server is httpsified and the certificate is not trusted by your JVM. So you must add the certificate to the trust store. If I'm right :D
Thank's bjalon for your answer.
I have already add certificate to a personal trust store and path of this trust store in nuxeo configuration. But errors was always the same.
I finally found what trust store Java runtime use and modify it. The problem was solved now.