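I am setting up CAS 5.x LDAP with SSL. The LDAP server is configured with an SSL certificate, but the CN in the certificate is not the same as the LDAP server's hostname. The connection fails during the TLS handshake with the following exception: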
java.security.cert.CertificateException: Hostname '[ldapserver]' does not match the hostname in the server's certificate 'CN=anotherldapserver, O=ORG, C=JP'
at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkCertificateTrusted(HostnameVerifyingTrustManager.java:79) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.ssl.HostnameVerifyingTrustManager.checkServerTrusted(HostnameVerifyingTrustManager.java:55) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.ssl.AggregateTrustManager.checkServerTrusted(AggregateTrustManager.java:107) ~[ldaptive-1.2.0.jar:?]
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922) ~[?:1.8.0_92]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) ~[?:1.8.0_92]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_92]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_92]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_92]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_92]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_92]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_92]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_92]
at com.sun.jndi.ldap.Connection.createSocket(Connection.java:376) ~[?:1.8.0_92]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:203) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:137) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1614) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2746) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:319) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:192) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:210) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:153) ~[?:1.8.0_92]
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:83) ~[?:1.8.0_92]
at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684) ~[?:1.8.0_92]
at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:313) ~[?:1.8.0_92]
at javax.naming.InitialContext.init(InitialContext.java:244) ~[?:1.8.0_92]
at javax.naming.ldap.InitialLdapContext.<init>(InitialLdapContext.java:154) ~[?:1.8.0_92]
at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:87) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.provider.jndi.JndiConnectionFactory.createInternal(JndiConnectionFactory.java:21) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.provider.AbstractProviderConnectionFactory.create(AbstractProviderConnectionFactory.java:84) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.DefaultConnectionFactory$DefaultConnection.open(DefaultConnectionFactory.java:267) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.pool.AbstractConnectionPool.createConnection(AbstractConnectionPool.java:437) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.pool.AbstractConnectionPool.createAvailableConnection(AbstractConnectionPool.java:476) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.pool.AbstractConnectionPool.grow(AbstractConnectionPool.java:326) ~[ldaptive-1.2.0.jar:?]
at org.ldaptive.pool.AbstractConnectionPool.initialize(AbstractConnectionPool.java:235) ~[ldaptive-1.2.0.jar:?]
at org.apereo.cas.configuration.support.Beans.newBlockingConnectionPool(Beans.java:400) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
at org.apereo.cas.configuration.support.Beans.newPooledConnectionFactory(Beans.java:411) ~[cas-server-core-configuration-5.0.3.1.jar:5.0.3.1]
at org.apereo.cas.adaptors.ldap.services.config.LdapServiceRegistryConfiguration.ldapServiceRegistryDao(LdapServiceRegistryConfiguration.java:44)