[Building Sakai] CASifying Sakai: blank page after CAS login

Steve Swinsburg steve.swinsburg at gmail.com
Wed Apr 2 16:32:45 PDT 2014 

Hi,

That setting is used in the CAS handshake to ensure that everything is ok
before proceeding.
The cert error is likely due to the certificate you are using, you need to
ensure it is trusted by the JVM that the CAS server is using, which is
$JAVA_HOME/jre/lib/security/cacerts
by default. But it's only occurred when you had the wrong server name so
get everything working correctly and then see if it persists.

One strategy you might want to use is having placeholder properties in the
login tool web.xml and having it add in the properties via maven build
filtering. Then you can change it for each environment (ie
dev/test/uat/prod etc) without changing the code.

See:
https://source.sakaiproject.org/svn/msub/anu.edu.au/services/2.8.x/login/login-tool/tool/pom.xml
https://source.sakaiproject.org/svn/msub/anu.edu.au/services/2.8.x/login/login-tool/tool/src/webapp/WEB-INF/web.xml
https://source.sakaiproject.org/svn/msub/anu.edu.au/services/2.8.x/anu-conf/sample.build.properties

cheers,
Steve



On Thu, Apr 3, 2014 at 8:08 AM, Sanghyun Jeon <euksa99 at gmail.com> wrote:

> Thank you, Steve.
>
> Actually I got another problem.
> I accidentally put the server name of web.xml as our production servername
> instead of our dev servername. dev server has all modified web.xml and
> pom.xml and sakai.properties.
>
> Here's what happen with the production (wrong) servername.
> visit the gateway page of sakaidev.pomona.edu > click login > redirect
> our CAS login page > after the CAS authentication, sakai.claremont.edu (I
> think it's because I put the server name as sakai.claremont.edu) pops up.
>
>
> When I realize my mistake and change the server name into
> sakaidev.pomona.edu and i got the
>
> java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path
>
>
> after the CAS authentication
>
>
>
>
>
> Question: the current server name in CAS Authentication and Validation
> Filter of web.xml is used for what?
>
>
>         <init-param>
>             <param-name>serverName</param-name>
>           <param-value>YOUR_SAKAI_SERVER:PORT</param-value>
>         </init-param>
>
>
> Why do I get the different result depending on the specified server name?
>
>
>
> Should it be resolved from CAS end or from Sakai end?
>
>
> One thing I noticed is when webauth.claremont.edu and sakai.claremont.eduare on the same domain, it redirects the sakai webpage after the CAS login.
>
> However, sakai.pomona.edu is on the different domain from
> webauth.claremont.edu, I got validationexception.
>
>
> Although the production servername gives me the right behavior,  this is
> wrong information, so...
>
>
> I attached the screen shot when I get the validation error with the right
> server name and please advise.
>
>
> S
>
>
>
>
>
>
>
>
>
> On Wed, Apr 2, 2014 at 1:15 PM, Steve Swinsburg <steve.swinsburg at gmail.com
> > wrote:
>
>> Yep that sakai login tool url needs to have the url of the sakai server.
>> Adjust your web.xml
>>
>> As an aside, it is good to see that guide still going strong. I wrote it
>> for 2.4 ;)
>>
>> Cheers
>> Steve
>>
>> sent from my mobile device
>> On 03/04/2014 3:03 AM, "Sam Ottenhoff" <ottenhoff at longsight.com> wrote:
>>
>>> Okay, delete all the Nakamura references or move the CAS filter *above*
>>> Nakamura.
>>>
>>>
>>>
>>>> Sakai has sakai.claremont.edu
>>>> CAS has webauth.claremont.edu (I got the instruction from our CAS
>>>> developers to replace webauth.claremontmckenna.edu with webauth
>>>> claremont.edu)
>>>>
>>>
>>> Then this setting is wrong:
>>>
>>>         <init-param>
>>>             <param-name>serverName</param-name>
>>>             <!-- <param-value>YOUR_SAKAI_SERVER:PORT</param-value> -->
>>>             <param-value>webauth.claremontmckenna.edu</param-value>
>>>         </init-param>
>>>
>>>
>>>
>>>         <init-param>
>>>              <param-name>serverName</param-name>
>>>              <param-value>YOUR_SAKAI_SERVER:PORT</param-value>
>>>         </init-param>
>>>
>>>
>>> _______________________________________________
>>> sakai-dev mailing list
>>> sakai-dev at collab.sakaiproject.org
>>> http://collab.sakaiproject.org/mailman/listinfo/sakai-dev
>>>
>>> TO UNSUBSCRIBE: send email to
>>> sakai-dev-unsubscribe at collab.sakaiproject.org with a subject of
>>> "unsubscribe"
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai-dev/attachments/20140403/4246b785/attachment.html

More information about the sakai-dev mailing list