AI 助理
备案控制台
开发者社区> 问答> 正文

CAS SSO配置后,客户端请求登陆成功、回跳的时候报错-配置报错

"

<span style=""background-color:#e56600;font-size:24px;font-family:KaiTi_GB2312;"">cas server端正常运行,也可以登陆:

client 端的配置:

web.xml:

<filter>
		<filter-name>sso</filter-name>
		<filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
			<param-value>https://localho:8443/sso-server/login</param-value>
		</init-param>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
			<param-value>https://localhost:8443/sso-server/serviceValidate</param-value>
		</init-param>
		<init-param>
			<param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
			<param-value>localho:8088</param-value>
		</init-param>
	</filter>
	<filter-mapping>
		<filter-name>sso</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

 现在访问客户端:http://localhost:port/project/自动跳转到https://localhost:8443/cas-server

验证登陆,也登陆成功,也获得了ticket,

但是回跳的时候,就报错了:

http://localhost:8088/castest1/?ticket=ST-2-4y6GgXW9ue3fd0Fg9CL6 

HTTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://www.sso-demo.com:8443/sso-server/serviceValidate] ticket=[ST-1-aptbOwbIcCvNn2zw6gtH] service=[http%3A%2F%2Fwww.sso-demo.com%3A8088%2Fcastest1%2F] renew=false]]]
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:381)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://www.sso-demo.com:8443/sso-server/serviceValidate] ticket=[ST-1-aptbOwbIcCvNn2zw6gtH] service=[http%3A%2F%2Fwww.sso-demo.com%3A8088%2Fcastest1%2F] renew=false]]]
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:51)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
	com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:285)
	sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	sun.security.validator.Validator.validate(Validator.java:218)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
root cause

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:174)
	java.security.cert.CertPathBuilder.build(CertPathBuilder.java:238)
	sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:280)
	sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:191)
	sun.security.validator.Validator.validate(Validator.java:218)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
	com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
	com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
	com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
	com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
	com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
	sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
	sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
	sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:977)
	sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
	edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
	edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
	edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:49)
	edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455)
	edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378)
	edu.yale.its.tp.cas.filter.EncodingFilter.doFilter(EncodingFilter.java:42)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.29 logs.

"

展开
收起
montos 2020-06-01 21:22:12 570 0
1 条回答
写回答
取消 提交回答
问答分类:
应用服务中间件 Apache
问答地址:
开发者社区 > 开发与运维 > 问答

版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。

相关问答
CAS SSO配置后,客户端请求登陆成功、回跳的时候报错 :报错
967
1
0
单点登录cas 客户端配置的一个小问题 :报错
1121
1
0
CAS SSO配置后,客户端请求登陆成功、回跳的时候报错:配置报错 
1089
1
0
在配置cas支持客户端自定义页面时报...报错
925
1
0
单点登录cas 客户端配置的一个小问题 - 配置报错
1270
1
0
单点登录cas 客户端配置的一个小问题:配置报错 
555
1
0
cas自动登录,注册工作流自动登录配置详解?:报错
1230
1
0
单点登录cas 客户端配置的一个小问题-配置报错
799
1
0
两个浏览器登陆同一个账户,session无法同步:报错
1225
1
0
CAS SSO单点登录ajax请求拦截,白名单循环重定向。:报错
1301
1
0
问答排行榜
最热
最新
1 【大咖问答】对话PostgreSQL 中国社区发起人之一,阿里云数据库高级专家 德哥 1818945
2 据说在家办公的程序员是这样写代码的? 1793059
3 阿里云开放端口权限 690230
4 如何升级配置 536271
5 【藏经阁一起读(27)】本周推荐《Apache Flink案例集(2022版)》,你有哪些心得? 522805
6 【精品问答】python技术1000问(1) 514115
7 Flink Forward Asia 2021 有奖问答 512895
8 OceanBase 使用动画(持续更新) 359367
9 阿里云LNAMP(Linux + Nginx + Apache + MySQL + PHP)环境一键安装脚本 329796
10 OSS存储服务-客户端工具 321539
11 为体验实验室取一个新名字。 307464
12 企业邮箱发送邮件时,若出现投递失败产生退信,内容提示包含如下: the mta server of * reply:550 failed to meet SPF requirements 或者 the mta server of 163.com — 163mx01.mxmail.netease.com(220.181.14.141) reply:550 MI:SPF mx14,QMCowECpA0qTiftVaeB3Cg—.872S2 1442548128 http://mail.163.com/help 304068
13 Win Server 2003-2016 加密勒索事件必打补丁合集 295320
14 FLASH播放器,在IE浏览器下显示请确定您的域名已完成备案和CNAME绑定 284159
15 安全组详解,新手必看教程 277337
16 写code还是做管理,开发者如何进行职业规划? 269095
17 惊喜翻倍:免费ECS+免费环境配置~!(ECS免费体验6个月活动3月31日结束) 255876
18 阿里云手机和阿云浏览器连接问题专帖 235686
19 请问阿里云邮箱如何开启SMTP服务啊! 225838
20 支付宝H5 下载的时候,提示 【请确保该下载文件来源安全,如需浏览,请长按网址复制后使用浏览器访问】 225531
1 FFA 2024 大会门票免费送!AI时代下大数据技术未来路在何方? 211
2 AI时代,存力or算力哪一个更关键? 725
3 全网寻找 #六边形战士# 程序员,你的 AI 编码助手身份标签是什么? 940
4 关于开发者的100件小事,你知道哪些? 982
5 AI助力,短剧迎来创新热潮? 579
6 &quot;ModelScope默认的下载位置是在哪里? 178
7 1024程序员节,开发者们都在参与社区的哪些活动? 2159
8 关于文本框校验自定义函数的问题 315
9 执行docker search nginx 报错超时 174
10 百问求答第四期-回答问题即有机会拿冬季取暖器 929
11 宜搭-集成&amp;自动化,怎么实现定时自动获取普通表单里的所有数据,并更新该表单里的某列数据? 204
12 有没有大佬知道:宜搭的流程表单里如何通过js面板给成员组件赋值? 260
13 百问求答第四期-回答问题即有机会拿冬季取暖器 693
14 域名内网可以正常访问,外网访问不了 329
15 普通人能用阿里云做什么? 147
16 宜搭表单 数据管理 增加 全部删除功能 228
17 获取Access Token报code: 400, body is mandatory 347
18 运动旅游开启新潮流,哪些科技手段能助力你的行程呢? 940
19 “AI+儿童陪伴”,是噱头还是趋势? 993
20 小白求助,跟着大模型微调教程做不太明白 587
推荐问答
乘风问答官招募中!机械键盘免费拿

相关文章

  • Feign远程调用
  • Nacos配置中心
  • Gateway服务网关
  • 集群容错架构设计
  • Router

    • 相关电子书

    更多
    • 安全机制与User账户身份验证实战 立即下载
    低代码开发师(初级)实战教程 立即下载
    阿里巴巴DevOps 最佳实践手册 立即下载

    相关实验场景

    更多
  • 通过会话管理端口转发功能访问ECS内部服务
    162
    1.0小时
    去实验