Nuxeo 5.5 + SSO Cas installation problem

With a fresh installation of Nuxeo 5.5, I want to authenticate users with CAS. I follow tutorials and forum about installation of this module.

When I connect to Nuxeo, I come to CAS login form. But when form is submit, my browser show this error.

Erreur 310 (net::ERR_TOO_MANY_REDIRECTS) : Trop de redirections

The log of Tomcat is follow :

2012-07-06 14:56:27,542 DEBUG [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] serviceUrl: https://cas.myserver.com/cas/serviceValidate

2012-07-06 14:56:27,570 ERROR [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] checkCasTicket failed with IOException:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1337)

I have import my certificat to a private keystore that I have mentionned in file nuxeoctl.bat. I add these arguments to command line : “-Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=cas.cacerts -Djavax.net.ssl.keyStorePassword=password”. But I have alway the same result.

How can I configure CAS properly in order to authenticate users with it ?

How can I show what keystore it is used ?

Thank's in advance

0 votes

2 answers

1182 views

ANSWER



I copy the exception to google and I found that: https://blogs.oracle.com/gc/entry/unable_to_find_valid_certification

This means the CAS server is httpsified and the certificate is not trusted by your JVM. So you must add the certificate to the trust store. If I'm right :D

regards,

0 votes



Thank's bjalon for your answer.

I have already add certificate to a personal trust store and path of this trust store in nuxeo configuration. But errors was always the same.

I finally found what trust store Java runtime use and modify it. The problem was solved now.

0 votes