Cas 5.2.x 使用 實現SSO單點登入的問題
阿新 • • 發佈:2020-12-11
我們在使用本地生成SSL證書的時候,測試單點登入的時候,執行客戶端出現下列錯誤
java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target org.jasig.cas.client.util.CommonUtils.getResponseFromServer(CommonUtils.java:403) org.jasig.cas.client.validation.AbstractCasProtocolUrlBasedTicketValidator.retrieveResponseFromServer(AbstractCasProtocolUrlBasedTicketValidator.java:41) org.jasig.cas.client.validation.AbstractUrlBasedTicketValidator.validate(AbstractUrlBasedTicketValidator.java:193) org.jasig.cas.client.validation.AbstractTicketValidationFilter.doFilter(AbstractTicketValidationFilter.java:204) org.jasig.cas.client.session.SingleSignOutFilter.doFilter(SingleSignOutFilter.java:97) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
導致這個問題的原因就是,客戶端,沒有匯入證書,報的錯,客戶端的jdk,也是需要匯入證書的,而且必須和服務端的證書一致。
解決解決方法:
1.cd /cas-overlay-template/etc/cas #根據keystore生成證書,有使用到密碼的,是在服務端設定的,預設的changeit 2.keytool -exportcert -alias cas -keystore ./casServer.keystore -file ./casServer.keystore.cer -storepass changeit #把證書匯入到jre的相應路徑,這個證書是可以刪除的 3.keytool -import -alias cas -keystore /usr/local/java/jdk1.8/jre/lib/security/cacerts -file ./casServer.keystore.cer