服务器部署cas,登录后页面提示INVALID_PROXY_CALLBACK

然后查看cas的日志,日志报以下错误:

2018-06-29 11:36:06,251 ERROR [org.jasig.cas.util.http.SimpleHttpClient] - java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

	at sun.security.ssl.Alerts.getSSLException(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.handleException(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)

	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)

	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134)

	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)

	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)

	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)

	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)

	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)

	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)

	at org.apache.http.impl.execchain.ServiceUnavailableRetryExec.execute(ServiceUnavailableRetryExec.java:84)

	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)

	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)

	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)

	at org.jasig.cas.util.http.SimpleHttpClient.isValidEndPoint(SimpleHttpClient.java:136)

	at org.jasig.cas.authentication.handler.support.HttpBasedServiceCredentialsAuthenticationHandler.authenticate(HttpBasedServiceCredentialsAuthenticationHandler.java:69)

	at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticateInternal(PolicyBasedAuthenticationManager.java:220)

	at org.jasig.cas.authentication.PolicyBasedAuthenticationManager.authenticate(PolicyBasedAuthenticationManager.java:149)

	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

	at java.lang.reflect.Method.invoke(Unknown Source)

	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)

	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)

	at org.jasig.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:128)

	at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

	at java.lang.reflect.Method.invoke(Unknown Source)

	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)

	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)

	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:68)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)

	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

	at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:62)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

	at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:62)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)

	at com.sun.proxy.$Proxy49.authenticate(Unknown Source)

	at org.jasig.cas.CentralAuthenticationServiceImpl.delegateTicketGrantingTicket(CentralAuthenticationServiceImpl.java:392)

	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

	at java.lang.reflect.Method.invoke(Unknown Source)

	at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)

	at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:85)

	at org.jasig.inspektr.audit.AuditTrailManagementAspect.handleAuditTrail(AuditTrailManagementAspect.java:128)

	at sun.reflect.GeneratedMethodAccessor123.invoke(Unknown Source)

	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

	at java.lang.reflect.Method.invoke(Unknown Source)

	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:621)

	at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:610)

	at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:68)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:168)

	at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

	at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:45)

	at com.ryantenney.metrics.spring.MeteredMethodInterceptor.invoke(MeteredMethodInterceptor.java:32)

	at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

	at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:48)

	at com.ryantenney.metrics.spring.TimedMethodInterceptor.invoke(TimedMethodInterceptor.java:34)

	at com.ryantenney.metrics.spring.AbstractMetricMethodInterceptor.invoke(AbstractMetricMethodInterceptor.java:59)

	at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)

	at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:207)

	at com.sun.proxy.$Proxy50.delegateTicketGrantingTicket(Unknown Source)

	at org.jasig.cas.web.ServiceValidateController.handleRequestInternal(ServiceValidateController.java:152)

	at org.springframework.web.servlet.mvc.AbstractController.handleRequest(AbstractController.java:146)

	at org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter.handle(SimpleControllerHandlerAdapter.java:50)

	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959)

	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)

	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:967)

	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:858)

	at javax.servlet.http.HttpServlet.service(HttpServlet.java:635)

	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:843)

	at javax.servlet.http.HttpServlet.service(HttpServlet.java:742)

	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)

	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)

	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

	at org.jasig.cas.security.RequestParameterPolicyEnforcementFilter.doFilter(RequestParameterPolicyEnforcementFilter.java:250)

	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)

	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)

	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

	at org.jasig.inspektr.common.web.ClientInfoThreadLocalFilter.doFilter(ClientInfoThreadLocalFilter.java:62)

	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85)

	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)

	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)

	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)

	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)

	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)

	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)

	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496)

	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)

	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)

	at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:650)

	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)

	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)

	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)

	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)

	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)

	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)

	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)

	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

	at java.lang.Thread.run(Unknown Source)

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

	at sun.security.validator.PKIXValidator.<init>(Unknown Source)

	at sun.security.validator.Validator.getInstance(Unknown Source)

	at sun.security.ssl.X509TrustManagerImpl.getValidator(Unknown Source)

	at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(Unknown Source)

	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)

	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)

	at org.jasig.cas.authentication.FileTrustStoreSslSocketFactory$CompositeX509TrustManager.checkServerTrusted(FileTrustStoreSslSocketFactory.java:281)

	at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(Unknown Source)

	at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)

	at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)

	at sun.security.ssl.Handshaker.processLoop(Unknown Source)

	at sun.security.ssl.Handshaker.process_record(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

	... 118 more

Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

	at java.security.cert.PKIXParameters.setTrustAnchors(Unknown Source)

	at java.security.cert.PKIXParameters.<init>(Unknown Source)

	at java.security.cert.PKIXBuilderParameters.<init>(Unknown Source)

	... 132 more

2018-06-29 11:36:06,259 INFO [org.jasig.cas.authentication.PolicyBasedAuthenticationManager] - HttpBasedServiceCredentialsAuthenticationHandler failed authenticating https://192.168.x.xxx:8080/uwp/proxyCallback

2018-06-29 11:36:06,260 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

=============================================================

WHO: https://192.168.x.xxx:8080/uwp/proxyCallback

WHAT: supplied credentials: [https://192.168.x.xxx:8080/uwp/proxyCallback]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Fri Jun 29 11:36:06 CST 2018

CLIENT IP ADDRESS: 192.168.x.xxx

SERVER IP ADDRESS: 192.168.x.xxx

=============================================================

2018-06-29 11:36:06,260 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

=============================================================

WHO: https://192.168.x.xxx:8080/uwp/proxyCallback

WHAT: supplied credentials: [https://192.168.x.xxx:8080/uwp/proxyCallback]

ACTION: AUTHENTICATION_FAILED

APPLICATION: CAS

WHEN: Fri Jun 29 11:36:06 CST 2018

CLIENT IP ADDRESS: 192.168.x.xxx

SERVER IP ADDRESS: 192.168.x.xxx

=============================================================

2018-06-29 11:36:06,262 INFO [org.jasig.inspektr.audit.support.Slf4jLoggingAuditTrailManager] - Audit trail record BEGIN

=============================================================

WHO: admin

WHAT: 1 errors, 0 successes

ACTION: PROXY_GRANTING_TICKET_NOT_CREATED

APPLICATION: CAS

WHEN: Fri Jun 29 11:36:06 CST 2018

CLIENT IP ADDRESS: 192.168.x.xxx

SERVER IP ADDRESS: 192.168.x.xxx

=============================================================

  说是证书有问题,然后又重新导入了证书还是报错

报错原因:

命令行启动tomcat时发现JRE_HOME路径是jre的,但是当时生成证书时放到jdk中了

C:\SOFT\apache-tomcat-6.0.44\bin>startup.bat

Using CATALINA_BASE:   "C:\SOFT\apache-tomcat-6.0.44"

Using CATALINA_HOME:   "C:\SOFT\apache-tomcat-6.0.44"

Using CATALINA_TMPDIR: "C:\SOFT\apache-tomcat-6.0.44\temp"

Using JRE_HOME:        "C:\Java\jre1.7"

Using CLASSPATH:       "C:\SOFT\apache-tomcat-6.0.44\bin\bootstrap.jar"

C:\SOFT\apache-tomcat-6.0.44\bin>

  解决方法:

cas客户端和服务端分别放不同版本tomcat中。第二个tomcat的startup.bat和shutdown.bat文件增加了以下参数

SET JRE_HOME=C:\Java\jdk1.7

SET JAVA_HOME=C:\Java\jdk1.7

SET CATALINA_HOME=C:\SOFT\apache-tomcat-8.5.30

  

cas-client登录后报INVALID_PROXY_CALLBACK的更多相关文章

  1. CAS Client集群环境的Session问题及解决方案

    [原创申明:文章为原创,欢迎非盈利性转载,但转载必须注明来源] 之前写过一篇文章,介绍单点登录的基本原理.这篇文章重点介绍开源单点登录系统CAS的登录和注销的实现方法.并结合实际工作中碰到的问题,探讨 ...

  2. CAS Client集群环境的Session问题及解决方案介绍,下篇介绍作者本人项目中的解决方案代码

    CAS Client集群环境的Session问题及解决方案  程序猿讲故事  2016-05-20  原文 [原创申明:文章为原创,欢迎非盈利性转载,但转载必须注明来源] 之前写过一篇文章,介绍单点登 ...

  3. (转)基于CAS实现单点登录(SSO):cas client端的退出问题

    出处:http://blog.csdn.net/tch918/article/details/22276627 自从CAS 3.4就很好的支持了单点注销功能,配置也很简单. 之前版本因为在CAS服务器 ...

  4. cas 单点登录出现org.jasig.cas.client.util.CommonUtils.getResponseFromServer - 拒绝连接 Connection refused

    cas 单点登录出现org.jasig.cas.client.util.CommonUtils.getResponseFromServer - 拒绝连接 Connection refused 环境: ...

  5. cas+tomcat+shiro实现单点登录-4-Apache Shiro 集成Cas作为cas client端实现

    目录 1.tomcat添加https安全协议 2.下载cas server端部署到tomcat上 3.CAS服务器深入配置(连接MYSQL) 4.Apache Shiro 集成Cas作为cas cli ...

  6. [原]基于CAS实现单点登录(SSO):cas client端的退出问题

    自从CAS 3.4就很好的支持了单点注销功能,配置也很简单. 之前版本因为在CAS服务器通过HttpClient发送消息时并未指定为POST方式,所以在CAS客户端的注销Filter中没有收到POST ...

  7. [原]基于CAS实现单点登录(SSO):登录成功后,cas client如何返回更多用户信息

    从cas server登录成功后,默认只能从casclient得到用户名.但程序中也可能遇到需要得到更多如姓名,手机号,email等更多用户信息的情况. cas client拿到用户名后再到数据库中查 ...

  8. cas单点登录系统:客户端(client)详细配置

    最近一直在研究cas登录中心这一块的应用,分享一下记录的一些笔记和心得.后面会把cas-server端的配置和重构,另外还有这几天再搞nginx+cas的https反向代理配置,以及cas的证书相关的 ...

  9. CAS Client集群环境的Session问题及解决方案 不能退出登录

    casclient源代码下载链接:https://github.com/apereo/java-cas-client cas官网链接:https://www.apereo.org/projects/c ...

随机推荐

  1. javascript递归导致的堆栈溢出

    function foo() {foo(); //setTimeout(foo, 0);   } foo() 原因是每次执行代码时,都会分配一定尺寸的栈空间(Windows系统中为1M),每次方法调用 ...

  2. 一个简单的观察者模式的JS实现

    这不是原创文章,主要是写给自己看的.原文比较详细容易让人,我提取最简单最好理解的部分,便于我以后用到.参考http://www.cnblogs.com/TomXu/archive/2012/03/02 ...

  3. adb命令安装apk

    1.将需要安装的apk放在platform-tools下 2.将手机和电脑连接,在cmd中输入 adb devices查看 3.使用adb命令安装apk,在cmd中输入:adb install apk ...

  4. Session History 属性和方法

    History 接口允许操作浏览器的曾经在标签页或者框架里访问的会话历史记录. js通过window.history来访问和操作的,操作的范围是某个tab的会话历史记录. 这个tab打开后,tab内的 ...

  5. javascript reg 不加入分组

    from :https://stackoverflow.com/questions/3512471/what-is-a-non-capturing-group-what-does-a-question ...

  6. kudu yum 安装

    yum 源 http://archive.cloudera.com/kudu/redhat/7/x86_64/kudu/cloudera-kudu.repo [cloudera-kudu] # Pac ...

  7. Centos7配置 SNMP服务

    本文转载至:http://blog.51cto.com/5001660/2097212   一.安装yum源安装SNMP软件包 1.更新yum源: yum clean all yum makecach ...

  8. Spring Could与Dubbo、Docker、K8S

    如果你是在一个中小型项目中应用Spring Cloud,那么你不需要太多的改造和适配,就可以实现微服务的基本功能.但是如果是在大型项目中实践微服务,可能会发现需要处理的问题还是比较多,尤其是项目中老代 ...

  9. java IDE 中安装 lombok plugin 插件,并使用 @Slf4j 注解打印日志初体验

    lombok 插件介绍: IntelliJ IDEA官方插件页面:https://plugins.jetbrains.com/plugin/6317-lombok-plugin 使用lombok之后, ...

  10. ASP.NET 获得当前网页名字

    Code string currentFilePath = HttpContext.Current.Request.FilePath; string CurrentPageName = current ...