incubator-jspwiki-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andrew Jaquith <andrew.r.jaqu...@gmail.com>
Subject Re: Web Container Authentication Via LDAP
Date Tue, 06 Oct 2009 13:00:48 GMT
You are pretty new to this whole Java thing aren't you?

It appears that 1) your LDAP server requires SSL (a good thing!) and  
that 2) your LDAP's SSL certificate is self-signed and therefore not  
trusted.

Java keeps an internal list of SSL certs it trusts. Your self-signed  
CA is not one of them. You need to add the SSL certificate CA (that  
is, the self-signed root) to your local JSSE trusted certificate  
store. This is at $JAVA_HOME/lib/security/cacerts.

The Java command line tool "keytool" can do this. You can also use my  
SSLHelper class, part of my freshcookies-security.jar that ships with  
JSPWiki. Indeed, I wrote it for just this situation. See the docs at freshcookies.org 
  for details.

With either aproach, you will need appprpriate admin rights to modify  
the truststore.

Andrew

On Oct 6, 2009, at 8:29, anilkumarkatta <anilkumarkatta@gmail.com>  
wrote:

>
>
> ....contd.
> Caused by: javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable  
> to find
> valid certification path to requested target
>
>
> anilkumarkatta wrote:
>>
>> Hi All
>>
>> I have tried to authenticate via LDAP server with all the  
>> configuration
>> procedure explained in the URL
>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>> with a user provided LDAP settings, I got firewall team to get the  
>> secure
>> port open from where application is talking to the LDAP.
>>
>> i am getting this exception while start of the application
>>
>>
>> 2009-10-06 22:14:04,581 [Thread-2] INFO
>> org.apache.catalina.tribes.membership.McastService - Done sleeping,
>> membership established, start level:4
>> 2009-10-06 22:14:04,581 [Thread-2] INFO
>> org.apache.catalina.tribes.membership.McastService - Sleeping for  
>> 1000
>> milliseconds to establish cluster membership, start level:8
>> 2009-10-06 22:14:05,581 [Thread-2] INFO
>> org.apache.catalina.tribes.membership.McastService - Done sleeping,
>> membership established, start level:8
>> 2009-10-06 22:14:06,144 [Thread-2] WARN
>> org.apache.catalina.core.ContainerBase.[Catalina] - Exception  
>> performing
>> authentication
>> javax.naming.CommunicationException: simple bind failed:
>> ARTE001.MYDOMAIN.AK.com:636 [Root exception is
>> javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable  
>> to find
>> valid certification path to requested target]
>>    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
>>    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
>>    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
>>
>>
>> where as when I place other deatails of the LDAP its working fine.
>> does this required any cerification files like .jks files.. if so  
>> where
>> shall I place them?
>>
>> your replies are most welcome
>>
>> Regards,
>> -Anil Katta
>>
>
> -- 
> View this message in context: http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25767801.html
> Sent from the JspWiki - User mailing list archive at Nabble.com.
>

Mime
View raw message