yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be..... -凯发k8网页登录

严重: edu.yale.its.tp.cas.client.casauthenticationexception: unable to validate proxyticketvalidator [[edu.yale.its.tp.cas.client.proxyticketvalidator prox
ylist=[null] [edu.yale.its.tp.cas.client.serviceticketvalidator casvalidateurl=[https://192.168.1.111:8443/cas/proxyvalidate] ticket=[st-0-9h7mx5hk3pfsdxrv
md3y] service=[http://192.168.1.222:8080/servlets-examples/servlet/helloworldexample] renew=false]]]

这个cas异常是从cas client里面抛出，是当我们不使用证书的cn去访问域名的时候（比如下文是用ip访问而且证书的cn是该ip对应的域名而非该ip），casclient无法信任，因为你证书的cn命名写着abc.com，192.168.1.111这个ip是无法被cas client识别。

edu.yale.its.tp.cas.client.casauthenticationexception: unable to validate proxyticketvalidator [[edu.yale.its.tp.cas.client.proxyticketvalidator proxylist = [ null ] [edu.yale.its.tp.cas.client.serviceticketvalidator casvalidateurl = [https: // 192.168.1.111:8443/cas/proxyvalidate] ticket=[st-0-9h7mx5hk3pfsdxrvmd3y] service=[http://192.168.1.222:8080/servlets-examples/servlet/helloworldexample] renew=false]]]

at edu.yale.its.tp.cas.client.casreceipt.getreceipt(casreceipt.java: 52 )

at edu.yale.its.tp.cas.client.filter.casfilter.getauthenticateduser(casfilter.java: 455 )

at edu.yale.its.tp.cas.client.filter.casfilter.dofilter(casfilter.java: 378 )

at org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java: 202 )

at org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java: 173 )

at filters.examplefilter.dofilter(examplefilter.java: 101 )

at org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java: 202 )

at org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java: 173 )

at org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java: 213 )

at org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java: 178 )

at org.apache.catalina.authenticator.authenticatorbase.invoke(authenticatorbase.java: 432 )

at org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java: 126 )

at org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java: 105 )

at org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java: 107 )

at org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java: 148 )

at org.apache.coyote.http11.http11processor.process(http11processor.java: 869 )

at org.apache.coyote.http11.http11baseprotocol$http11connectionhandler.processconnection(http11baseprotocol.java: 664 )

at org.apache.tomcat.util.net.pooltcpendpoint.processsocket(pooltcpendpoint.java: 527 )

at org.apache.tomcat.util.net.leaderfollowerworkerthread.runit(leaderfollowerworkerthread.java: 80 )

at org.apache.tomcat.util.threads.threadpool$controlrunnable.run(threadpool.java: 684 )

at java.lang.thread.run(thread.java: 595 )

caused by: java.io.ioexception: https hostname wrong: should be < 192.168 . 1.111 >

at sun.net.www.protocol.https.httpsclient.checkurlspoofing(httpsclient.java: 493 )

at sun.net.www.protocol.https.httpsclient.afterconnect(httpsclient.java: 418 )

at sun.net.www.protocol.https.abstractdelegatehttpsurlconnection.connect(abstractdelegatehttpsurlconnection.java: 170 )

at sun.net.www.protocol.http.httpurlconnection.getinputstream(httpurlconnection.java: 905 )

at sun.net.www.protocol.https.httpsurlconnectionimpl.getinputstream(httpsurlconnectionimpl.java: 234 )

at edu.yale.its.tp.cas.util.secureurl.retrieve(secureurl.java: 84 )

at edu.yale.its.tp.cas.client.serviceticketvalidator.validate(serviceticketvalidator.java: 212 )

at edu.yale.its.tp.cas.client.casreceipt.getreceipt(casreceipt.java: 50 )

解决办法：
用域名访问，域名就是证书的cn。

posted on 2006-09-05 18:20 david.turing 阅读(9276) 评论(4) 所属分类: security异常问题

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2007-03-23 02:32

client 怎么得到授权??
就keytool -import....到jvm就行了???

但是我还是报上面的错误.. 回复

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2008-12-25 16:04

要是别的机器访问你的机器，用ip访问，cn我也写的ip，也还是报同样错误回复

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2011-08-30 18:20

我的也是啊，用ip生成的cn，也是用ip访问，还是报这个错误啊回复

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2012-10-24 16:55

edu.yale.its.tp.cas.client.casauthenticationexception: unable to validate proxyticketvalidator [[edu.yale.its.tp.cas.client.proxyticketvalidator proxylist=[null] [edu.yale.its.tp.cas.client.serviceticketvalidator casvalidateurl=[] ticket=[st-1-bs35zsenbocqazwnwjuu-cas] service=[http://cx.com:8080/jsp-examples/] renew=false]]]
使用域名依旧错误…… 回复

新用户注册


只有注册用户后才能发表评论。




网站导航:
相关文章: unexpected signal : exception_access_violation javax.security.auth.login.loginexception:没有为 xxx 配置loginmodules javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: no trusted certificate found

yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be..... -凯发k8网页登录

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2007-03-23 02:32

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2008-12-25 16:04

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2011-08-30 18:20

# re: yale cas异常问题总结(1)unable to validate proxyticketvalidator之https hostname wrong: should be.....[未登录] 2012-10-24 16:55

导航

统计

常用链接

留言簿(109)

我参与的团队

随笔分类(126)

随笔档案(155)

文章分类(9)

文章档案(19)

相册

搜索

积分与排名

最新随笔

最新评论

阅读排行榜

评论排行榜