Hi,
I have just started using Zimbra (bow down! It's great!) mail and need a solution from you experts. Here is the situation:
We have a portal where, along with other stuff, we provide emails. Users register with the portal and we make the necessary web service call to create the Zimbra user.
We use CAS (Central Authentication Service) for the Single Sign On.
The Problem:
Without the CAS SSO, a user logs into the server and Zimbra mail can open the user's inbox (we use the PreAuth service for that). But as soon as we turn on the CAS-related servlet filter in the Zimbra mail website, it fails because the SSO ticket needs to be validated through an HTTPS URL.
I am pretty sure it has everything to do with the SSL certificate not being available to Zimbra to talk to the CAS service, which runs on https://myportal.com:8443/cas/service/serviceValidate.
I need your help in importing the client certificate so that Zimbra can talk to my CAS server using SSL.
Please note that presently both applications are running on the same server but on different ports. We use JBoss for the main portal/CAS (8080/8443) and the Zimbra email service runs on the default port (80).
The server certificate was created using Java keytool.
Here is the exception when zimbra mail tries to access the validation url:
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:848)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:106)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
at sun.net.http://www.protocol.https.HttpsClien...lient.java:402)
at sun.net.http://www.protocol.https.AbstractDe...ction.java:170)
at sun.net.http://www.protocol.http.HttpURLConn...ction.java:917)
at sun.net.http://www.protocol.https.HttpsURLCo...nImpl.java:234)
at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTicketValidator.java:212)
at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
... 17 more
Thanks a lot.
bdutta.
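
The "PKIX path building failed" error in the trace above means the JVM running the CAS client has no trust anchor for the server certificate it was shown. The script below is an added example, not part of the original post, that walks the keytool export and import using throwaway keystores in a temp directory. The aliases, file names and password are assumptions; on a real host the import target is the truststore that JVM actually loads, and the exported certificate's fingerprint should be checked against the server's before importing.

```shell
#!/bin/sh
# Added example. Constructed keystores in a temp directory stand in for the
# CAS server keystore and for the truststore of the JVM running the CAS client.
# Aliases, file names and the password are assumptions, not values from the post.

PASS=changeit   # constructed password for both throwaway keystores

# Succeeds only if truststore $1 holds, under alias $2, exactly the cert in $3.
is_trusted() {
    keytool -exportcert -rfc -alias "$2" -keystore "$1" -storepass "$PASS" \
        -file "$1.check" >/dev/null 2>&1 && cmp -s "$1.check" "$3"
}

demo_import_cas_cert() {
    command -v keytool >/dev/null 2>&1 || { echo "keytool-missing"; return 2; }
    dir=$(mktemp -d) || return 1

    # 1. Server key pair with a self-signed certificate, generated by keytool.
    keytool -genkeypair -alias cas -keyalg RSA -keysize 2048 -validity 30 \
        -dname "CN=myportal.com" -keystore "$dir/server.keystore" \
        -storepass "$PASS" -keypass "$PASS" >/dev/null 2>&1 || return 1

    # 2. Export the certificate only; the private key never leaves the server.
    keytool -exportcert -rfc -alias cas -keystore "$dir/server.keystore" \
        -storepass "$PASS" -file "$dir/cas.pem" >/dev/null 2>&1 || return 1

    # Before the import the client side has no trust anchor for this
    # certificate, the state that produces "PKIX path building failed".
    if is_trusted "$dir/trust.keystore" cas-server "$dir/cas.pem"; then
        before=trusted; else before=untrusted; fi

    # 3. Import it as a trusted entry into the client-side truststore.
    keytool -importcert -noprompt -alias cas-server -file "$dir/cas.pem" \
        -keystore "$dir/trust.keystore" -storepass "$PASS" \
        >/dev/null 2>&1 || return 1

    if is_trusted "$dir/trust.keystore" cas-server "$dir/cas.pem"; then
        after=trusted; else after=untrusted; fi

    rm -rf "$dir"
    echo "before=$before after=$after"
}

demo_import_cas_cert || echo "demo did not complete"
```

A running JVM reads its truststore at startup, so the client application has to be restarted after the import before the handshake will succeed.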