Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Nuxeo 5.5 + SSO Cas installation problem

Go to answer
laurent13_
Champ in-the-making
Champ in-the-making

‎07-06-2012 11:57 AM

With a fresh installation of Nuxeo 5.5, I want to authenticate users with CAS. I follow tutorials and forum about installation of this module.

When I connect to Nuxeo, I come to CAS login form. But when form is submit, my browser show this error.

Erreur 310 (net::ERR_TOO_MANY_REDIRECTS) : Trop de redirections

The log of Tomcat is follow :

2012-07-06 14:56:27,542 DEBUG [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] serviceUrl: https://cas.myserver.com/cas/serviceValidate

2012-07-06 14:56:27,570 ERROR [org.nuxeo.ecm.platform.ui.web.auth.cas2.Cas2Authenticator] checkCasTicket failed with IOException:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1337)

I have import my certificat to a private keystore that I have mentionned in file nuxeoctl.bat. I add these arguments to command line : "-Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=cas.cacerts -Djavax.net.ssl.keyStorePassword=password". But I have alway the same result.

How can I configure CAS properly in order to authenticate users with it ?

How can I show what keystore it is used ?

Thank's in advance

0 Kudos
1 ACCEPTED ANSWER

Go to answer
Benjamin_Jalon1
Elite Collaborator
Elite Collaborator

‎07-10-2012 08:21 AM

I copy the exception to google and I found that: https://blogs.oracle.com/gc/entry/unable_to_find_valid_certification

This means the CAS server is httpsified and the certificate is not trusted by your JVM. So you must add the certificate to the trust store. If I'm right 😄

regards,

View answer in original post

0 Kudos
2 REPLIES 2

Go to answer
Benjamin_Jalon1
Elite Collaborator
Elite Collaborator

‎07-10-2012 08:21 AM

I copy the exception to google and I found that: https://blogs.oracle.com/gc/entry/unable_to_find_valid_certification

This means the CAS server is httpsified and the certificate is not trusted by your JVM. So you must add the certificate to the trust store. If I'm right 😄

regards,

0 Kudos

Go to answer
laurent13_
Champ in-the-making
Champ in-the-making

‎07-13-2012 10:50 AM

Thank's bjalon for your answer.

I have already add certificate to a personal trust store and path of this trust store in nuxeo configuration. But errors was always the same.

I finally found what trust store Java runtime use and modify it. The problem was solved now.

0 Kudos
Getting started

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2025 Khoros, LLC