Announcement Announcement Module
Collapse
No announcement yet.
trustAnchors parameter must be non-empty Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • trustAnchors parameter must be non-empty

    Hi,
    This error has been really troubling me for long. I am using CAS for authentication and Acegi for the rest. I have not currently done the authorization part of the application but I am basing it off the contact-cas example.

    I get redirected to CAS properly and CAS does create a ticket but once it comes back to acegi, I get the following:

    2006-10-10 10:49:08,210 INFO [org.jasig.cas.authentication.AuthenticationManager Impl] - <AuthenticationHandler: org.jasig.cas.adaptors.ldap.BindLdapAuthentication Handler successfully authenticated the user which provided the following credentials: pnayar>
    2006-10-10 10:49:08,220 INFO [org.jasig.cas.CentralAuthenticationServiceImpl] - <Granted service ticket [ST-4-QES0DUIeGDwawhIEiNRWpSaOAfNlWuIa4t2-20] for service [https://localhost:8443/paf/j_acegi_cas_security_check] for user [pnayar]>
    10:49:08,240 WARN LoggerListener:55 - Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: org.acegisecurity.ui.WebAuthenticationDetails@12af c: RemoteIpAddress: 127.0.0.1; SessionId: 0490A4786F1D2DAC17B20A3043929C7B; exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
    10:49:08,240 WARN LoggerListener:55 - Authentication event AuthenticationFailureServiceExceptionEvent: _cas_stateful_; details: org.acegisecurity.ui.WebAuthenticationDetails@12af c: RemoteIpAddress: 127.0.0.1; SessionId: 0490A4786F1D2DAC17B20A3043929C7B; exception: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

  • #2
    You want to check that:
    1. your certificates are valid
    2. the CAS certificate is in your truststore (usually "$JRE/lib/security/cacerts" where $JRE is the path to your JRE ; check that this is the jdk / jre you're running on)
    3. check that the path is correctly written. Warning! if you are under Windows and set your truststore path in a .properties file, remember that strings are processed as Java strings, and that "\" is an escaping character... So you would write for instance:
      Code:
      trustStore=C:\\Program Files\\Java\\jre1.5.0_06\\lib\\security\\cacerts
    Last edited by Tama-Chan; Oct 21st, 2006, 04:32 PM.

    Comment

    Working...
    X