单点登录

CAS异常Unable to validate ProxyTicketValidator

 

edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator
[[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList = [ null ] 
[edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl = 
[https: // sourcesite:8443/cas/proxyValidate] ticket=[ST-0-UMjsI0YOhF15RhutnkHW] 
service=[http%3A%2F%2Fdestsite%3A8080%2Fservlets-examples%2Fservlet%2FHelloWorldExample] 
renew=false]]]
    at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java: 52 )
    at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASFilter.java:455 )
    at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java: 378 )
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202 )
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173 )
    at filters.ExampleFilter.doFilter(ExampleFilter.java: 101 )
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202 )
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173 )
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213 )
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178 )
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:432 )
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126 )
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java: 105 )
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107 )
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java: 148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java: 869)
    at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664 )
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527 )
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80 )
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684 )

 

可能的原因：

1.证书未正确产生和导入。在SSL握手中，CAS Client无法识别CAS Server的证书(X)，即无法建立一条从cacerts信任证书到X的信任路径，读者可以看一个叫做PKIX规范。解决办法是检查tomcat使用的信任证书路径，通常是jre/lib/security/cacerts文件，看是否已经导入了所需信任证书。

2. 未使用域名作为访问服务器。

3. tomcat使用的jvm不是系统默认的jdk所带的JVM，这个经常发生。