I have 2 applications deployed on 2 different servers where my GUI application is on Tomcat and CAS(central authentication) on Websphere. I have created keystore file and updated the same in server.xml
in tomcat conf.
Please find the entries below.
Tomcat:
<Environment name="config/centralCasServerLoginURL"
type="java.lang.String" value="https://localhost:9443/my-sso-web/login?
method=POST"/>
Tomcat: <Environment name="config/applicationServiceURL"
type="java.lang.String" value="https://localhost:8443/bank-client-
web/j_spring_cas_security_check"/>*
and
<Connector SSLEnabled="true" clientAuth="false"
keystoreFile="C:\tmp\newKeystore1"
keystorePass="password" maxThreads="200" port="8443"
protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
secure="true" sslProtocol="TLS"/>*
I am able to run both the application individually but when I configured CASAuthentication profile in that time I am able to login CAS but after it redirected to my GUI application URL (ie https://localhost:8443/bank-client-web/j_spring_cas_security_check ) it is throwing below error.
Could you please help me with that?
SEVERE: Servlet.service() for servlet [default] in context with path [/bank-
client-web] threw exception
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No name matching localhost found
at org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:295)
at org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:33)
at org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:178)
at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticateNow(CasAuthenticationProvider.java:131)
at org.springframework.security.cas.authentication.CasAuthenticationProvider.authenticate(CasAuthenticationProvider.java:117)
at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:130)
Caused by: javax.net.ssl.SSLHandshakeException:
java.security.cert.CertificateException: No name matching localhost found
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
Caused by: java.security.cert.CertificateException: No name matching localhost found
at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:221)
at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
... 55 more
This is simply your client-side library peforming strict hostname verification, comparing "localhost" in the URL to the hosts WebSphere's certificate is valid for.
Simplest fix is to address this server by it's actual hostname rather than localhost.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.