当前位置: 代码迷 >> Java Web开发 >> yale cas 单点登陆有关问题
  详细解决方案

yale cas 单点登陆有关问题

热度:766   发布时间:2016-04-17 10:26:54.0
yale cas 单点登陆问题。
把cas server配置在localhost,如果把cas client也配置在localhost就是正常的,但把cas client配置在其它机器(在client的jvm导入证书),在认证页面输入用户名和密码提交通过后,就出错,即跳不回原来的页面,用了各种方法(尝试用IP来做证书的名称,做client和server两份证书,在client端的Tomcat也开放8443端口等其它),还是抛出以下错误: 

严重: Servlet.service() for servlet jsp threw exception 
edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://192.168.3.99:8443/cas/proxyValidate] ticket=[ST-2-TCtDXiiXy7DanHIDz5RgKadIbmjXYcjeblW-20] service=[http%3A%2F%2F192.168.3.121%2Fcas%2Fdm20.jsp] renew=false]]] 
  at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52) 
  at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455) 
  at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:378) 
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) 
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) 
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) 
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) 
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) 
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) 
  at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:541) 
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) 
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) 
  at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) 
  at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) 
  at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) 
  at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) 
  at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) 
  at java.lang.Thread.run(Thread.java:595) 
Caused by: java.io.IOException: HTTPS hostname wrong: should be <192.168.3.99> 
  at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:490) 
  at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:415) 
  at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170) 
  at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913) 
  at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234) 
  at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84) 
  at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212) 
  at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50) 

网上有人说到这个问题的解决方法: 
是Client里面抛出,是当我们不使用证书的CN去访问域名的时候(比如下文是用IP访问而且证书的CN是该IP对应的域名而非该IP),CASClient无法信任,因为你证书的CN命名写着abc.com,192.168.1.111这个IP是无法被CAS Client识别。 


我尝试过,还是不行。 

请求专家及高手帮手解决!万分感谢!

------解决方案--------------------
不懂,关注中
------解决方案--------------------