incubator-jspwiki-user mailing list archives

From anilkumarkatta <anilkumarka...@gmail.com>
Subject Re: Web Container Authentication Via LDAP
Date Fri, 09 Oct 2009 09:51:37 GMT


Hi All

Thanks for your replies.

I have tried installing the SSL for the URL, but same issue.

I took some time to check how the existing URL's SSL is done in the keystore,
but found nothing in java_home/lib/security.

How can there be no SSL certificates in the keystore?

If the keystore exists at app level, where is it saved in the application?

Thanks again for the replies.

-Anil


Andrew Jaquith-4 wrote:
> 
> You are pretty new to this whole Java thing aren't you?
> 
> It appears that 1) your LDAP server requires SSL (a good thing!) and  
> that 2) your LDAP's SSL certificate is self-signed and therefore not  
> trusted.
> 
> Java keeps an internal list of SSL certs it trusts. Your self-signed  
> CA is not one of them. You need to add the SSL certificate CA (that  
> is, the self-signed root) to your local JSSE trusted certificate  
> store. This is at $JAVA_HOME/lib/security/cacerts.
> 
> The Java command line tool "keytool" can do this. You can also use my  
> SSLHelper class, part of my freshcookies-security.jar that ships with  
> JSPWiki. Indeed, I wrote it for just this situation. See the docs at
> freshcookies.org 
>   for details.
> 
> With either aproach, you will need appprpriate admin rights to modify  
> the truststore.
> 
> Andrew
> 
> On Oct 6, 2009, at 8:29, anilkumarkatta <anilkumarkatta@gmail.com>  
> wrote:
> 
>>
>>
>> ....contd.
>> Caused by: javax.net.ssl.SSLHandshakeException:
>> sun.security.validator.ValidatorException: PKIX path building failed:
>> sun.security.provider.certpath.SunCertPathBuilderException: unable  
>> to find
>> valid certification path to requested target
>>
>>
>> anilkumarkatta wrote:
>>>
>>> Hi All
>>>
>>> I have tried to authenticate via LDAP server with all the  
>>> configuration
>>> procedure explained in the URL
>>> http://www.jspwiki.org/wiki/WebContainerAuthenticationViaLDAP
>>> with user-provided LDAP settings. I got the firewall team to get the  
>>> secure
>>> port open from where the application is talking to the LDAP.
>>>
>>> I am getting this exception at start of the application
>>>
>>>
>>> 2009-10-06 22:14:04,581 [Thread-2] INFO
>>> org.apache.catalina.tribes.membership.McastService - Done sleeping,
>>> membership established, start level:4
>>> 2009-10-06 22:14:04,581 [Thread-2] INFO
>>> org.apache.catalina.tribes.membership.McastService - Sleeping for  
>>> 1000
>>> milliseconds to establish cluster membership, start level:8
>>> 2009-10-06 22:14:05,581 [Thread-2] INFO
>>> org.apache.catalina.tribes.membership.McastService - Done sleeping,
>>> membership established, start level:8
>>> 2009-10-06 22:14:06,144 [Thread-2] WARN
>>> org.apache.catalina.core.ContainerBase.[Catalina] - Exception  
>>> performing
>>> authentication
>>> javax.naming.CommunicationException: simple bind failed:
>>> ARTE001.MYDOMAIN.AK.com:636 [Root exception is
>>> javax.net.ssl.SSLHandshakeException:
>>> sun.security.validator.ValidatorException: PKIX path building failed:
>>> sun.security.provider.certpath.SunCertPathBuilderException: unable  
>>> to find
>>> valid certification path to requested target]
>>>    at com.sun.jndi.ldap.LdapClient.authenticate(Unknown Source)
>>>    at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
>>>    at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
>>>
>>>
>>> Whereas when I place other details of the LDAP it's working fine.
>>> Does this require any certification files like .jks files? If so,  
>>> where
>>> shall I place them?
>>>
>>> Your replies are most welcome
>>>
>>> Regards,
>>> -Anil Katta
>>>
>>
>> -- 
>> View this message in context:
>> http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25767801.html
>> Sent from the JspWiki - User mailing list archive at Nabble.com.
>>
> 
> 

-- 
View this message in context: http://www.nabble.com/Web-Container-Authentication-Via-LDAP-tp25767713p25818421.html
Sent from the JspWiki - User mailing list archive at Nabble.com.
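
Added example, not part of the original messages and not JSPWiki or freshcookies code: a small Java diagnostic that reports which trust store a JVM actually consults and whether a given CA certificate is already in it, which is the question behind the PKIX error in this thread. The class name `TrustStoreCheck` and the certificate file argument are assumptions, and it needs Java 9 or later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name; not JSPWiki or freshcookies code).
// Usage: javac TrustStoreCheck.java && java TrustStoreCheck [ldap-ca-cert.pem]
public class TrustStoreCheck {

    // JSSE's documented lookup order: the javax.net.ssl.trustStore property,
    // then lib/security/jssecacerts, then lib/security/cacerts under java.home.
    static File resolveTrustStore() {
        String override = System.getProperty("javax.net.ssl.trustStore");
        if (override != null) return new File(override);
        File dir = new File(System.getProperty("java.home"), "lib/security");
        File jsse = new File(dir, "jssecacerts");
        return jsse.isFile() ? jsse : new File(dir, "cacerts");
    }

    // True when subject equals issuer and the signature verifies under the cert's own key.
    static boolean isSelfSigned(X509Certificate c) {
        if (!c.getSubjectX500Principal().equals(c.getIssuerX500Principal())) return false;
        try { c.verify(c.getPublicKey()); return true; }
        catch (Exception e) { return false; }
    }

    public static void main(String[] args) throws Exception {
        File store = resolveTrustStore();
        // "changeit" is the JDK's stock password; an assumption if an admin changed it.
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        KeyStore ks = KeyStore.getInstance(store, pw.toCharArray());
        System.out.println("java.home   : " + System.getProperty("java.home"));
        System.out.println("trust store : " + store + " (" + ks.size() + " entries)");
        if (args.length == 0) return; // no certificate given: report the store only

        X509Certificate ca;
        try (InputStream in = new FileInputStream(args[0])) { // accepts PEM or DER
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        String alias = ks.getCertificateAlias(ca); // null when the cert is not in the store
        System.out.println("subject     : " + ca.getSubjectX500Principal());
        System.out.println("self-signed : " + isSelfSigned(ca));
        System.out.println("trusted as  : " + (alias == null ? "NOT PRESENT" : alias));
    }
}
```

Run it with the same Java installation and the same `-Djavax.net.ssl.*` options that the servlet container is started with, since a different JVM or a trust store override changes which file is read.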

