Message Boards

CAS and Liferay integration

Mounir Laaraj, modified 15 years ago.

CAS and Liferay integration

New Member Posts: 4 Join Date: 08-7-21 Recent Posts
Hi,

I am running 2 separate servers, one for hosting my CAS Server and another one hosting my Liferay portal.

CAS server name: quasimodo
Liferay Server: infonet

The CAS server is running and authenticating perfectly with LDAP; whenever I access it at https://quasimodo:8443/cas-web/login it logs me in successfully.

Now I tried to integrate CAS with liferay. So I did the following changes:

1- Updated the portal-ext.properties with the following
cas.auth.enabled=true
cas.import.from.ldap=true
cas.login.url=https://quasimodo:8443/cas-web/login
cas.logout.url=https://quasimodo:8443/cas-web/logout
cas.service.url=http://infonet:8080/c/portal/login
cas.validate.url=https://quasimodo:8443/cas-web/proxyValidate

auto.login.hooks=com.liferay.portal.security.auth.CASAutoLogin

2- Added the line below to system-ext.properties
com.liferay.filters.sso.cas.CASFilter=true

3- Added the following tag to web.xml
<filter>
<filter-name>CAS Filter</filter-name>
<filter-class>com.liferay.portal.servlet.filters.sso.cas.CASFilter</filter-class>
</filter>

4- Also made sure to add the following dispatchers to all auto login filters
<dispatcher>FORWARD</dispatcher> 
<dispatcher>INCLUDE</dispatcher> 
<dispatcher>REQUEST</dispatcher>

5- Copied the following files to WEB-INF/lib:
cas-client-core-3.1.3.jar
commons-logging-1.1.jar
servlet-api-2.3.jar
xmlsec-1.3.0.jar

Now the problem I am facing is that whenever I try to login to Liferay, I go through the liferay home page http://infonet:8080/ and then I select login then I get redirected to my CAS login, once logged in I get a blank page and I get the following error messages
16:18:19,780 ERROR [CASReceipt:55] edu.yale.its.tp.cas.client.CASAuthenticationE
xception: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.P
roxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketVa
lidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST
-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%
2Flogin] renew=false]]]
16:18:19,780 ERROR [CASFilter:380] edu.yale.its.tp.cas.client.CASAuthenticationE
xception: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.P
roxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketVa
lidator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST
-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%
2Flogin] renew=false]]]
16:18:19,795 ERROR [CASFilter:60] javax.servlet.ServletException: edu.yale.its.t
p.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator
 [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.it
s.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/ca
s-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F
%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
javax.servlet.ServletException: edu.yale.its.tp.cas.client.CASAuthenticationExce
ption: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.Prox
yTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValid
ator casValidateUrl=[https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11
-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Fl
ogin] renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:3
81)
        at com.liferay.portal.servlet.filters.sso.cas.CASFilter.doFilter(CASFilt
er.java:93)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
        at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java
:98)
        at com.liferay.portal.servlet.filters.virtualhost.VirtualHostFilter.doFi
lter(VirtualHostFilter.java:149)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
        at com.liferay.portal.kernel.servlet.BaseFilter.doFilter(BaseFilter.java
:98)
        at com.liferay.portal.servlet.filters.sessionid.SessionIdFilter.doFilter
(SessionIdFilter.java:81)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:233)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:175)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica
torBase.java:433)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:128)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:102)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:286)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:844)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
ss(Http11Protocol.java:583)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:44
7)
        at java.lang.Thread.run(Thread.java:595)
Caused by: edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to vali
date ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator prox
yList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[
https://quasimodo:8443/cas-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP
-cas] service=[http%3A%2F%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:52)
        at edu.yale.its.tp.cas.client.filter.CASFilter.getAuthenticatedUser(CASF
ilter.java:455)
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:3
78)
        ... 22 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator
Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath
BuilderException: unable to find valid certification path to requested target
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1
584)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:168)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien
tHandshaker.java:848)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHa
ndshaker.java:106)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:4
95)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.jav
a:433)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.j
ava:877)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SS
LSocketImpl.java:1089)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm
pl.java:1116)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketIm
pl.java:1100)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:
402)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(AbstractDelegateHttpsURLConnection.java:170)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLCon
nection.java:934)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Http
sURLConnectionImpl.java:234)
        at edu.yale.its.tp.cas.util.SecureURL.retrieve(SecureURL.java:84)
        at edu.yale.its.tp.cas.client.ServiceTicketValidator.validate(ServiceTic
ketValidator.java:212)
        at edu.yale.its.tp.cas.client.CASReceipt.getReceipt(CASReceipt.java:50)
        ... 24 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
 sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
d certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:221)
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.jav
a:145)
        at sun.security.validator.Validator.validate(Validator.java:203)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(
X509TrustManagerImpl.java:172)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(
SSLContextImpl.java:320)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Clien
tHandshaker.java:841)
        ... 38 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCert
PathBuilder.java:236)
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:216)
        ... 43 more
16:19:05,109 INFO  [PluginPackageUtil:1140] Reloading repositories

I am using Liferay 5.0.1 on Tomcat 6 with JDK 1.5

Any help or assistance will be really appreciated since I am stuck and quite delayed because of these errors.

Thanks
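An added example, not part of the original post: the trace above is hard-wrapped at 80 columns, which splits class names and the `casValidateUrl` value across lines, so this sketch rejoins the wrapped lines and reports the innermost `Caused by` together with the CAS endpoint the validator called. The names `unwrap` and `triage` and the `tls-trust` label are illustrative; the sample is an excerpt of the log quoted in the post.

```python
import re
from urllib.parse import urlsplit
# Constructed sample: excerpt of the console output quoted in the post, kept
# hard-wrapped at 80 columns exactly as the poster's terminal emitted it.
SAMPLE = """\
16:18:19,795 ERROR [CASFilter:60] javax.servlet.ServletException: edu.yale.its.t
p.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator
 [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.it
s.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://quasimodo:8443/ca
s-web/proxyValidate] ticket=[ST-11-NfqVXuVzxZbTmIBBjdSP-cas] service=[http%3A%2F
%2Finfonet%3A8080%2Fc%2Fportal%2Flogin] renew=false]]]
        at edu.yale.its.tp.cas.client.filter.CASFilter.doFilter(CASFilter.java:3
81)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.Validator
Exception: PKIX path building failed: sun.security.provider.certpath.SunCertPath
BuilderException: unable to find valid certification path to requested target
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
 find valid certification path to requested target
"""

def unwrap(text, width=80):
    """Rejoin console-wrapped output: a line that fills the width continues on the next."""
    records, prev_full = [], False
    for line in text.splitlines():
        if prev_full:
            records[-1] += line
        else:
            records.append(line)
        prev_full = len(line) == width
    return records

def triage(text):
    """Report the innermost 'Caused by' and the CAS endpoint the validator called."""
    records = unwrap(text)
    causes = [r[len("Caused by: "):] for r in records if r.startswith("Caused by: ")]
    root_exc, _, root_msg = (causes[-1] if causes else "").partition(": ")
    m = re.search(r"casValidateUrl=\[([^\]]+)\]", "\n".join(records))
    url = urlsplit(m.group(1)) if m else None
    # PKIX path building fails when the JVM trust store has no anchor for the server's chain.
    trust = "unable to find valid certification path" in root_msg
    return {
        "root_exception": root_exc,
        "validate_url": url.geturl() if url else None,
        "endpoint": (url.hostname, url.port) if url else None,
        "category": "tls-trust" if trust else "unclassified",
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The width rule cannot tell a wrapped line from a logical line that is exactly 80 characters long, so such a line would be joined to the one after it.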
JR Houn, modified 15 years ago.

Thread Moved

Expert Posts: 488 Join Date: 07-11-19 Recent Posts
Thread moved: Portal Framework.
-jr
Mounir Laaraj, modified 15 years ago.

CAS and Liferay integration

New Member Posts: 4 Join Date: 08-7-21 Recent Posts
Hi again,

Now I resolved the issue I had previously by following the steps listed in http://osdir.com/ml/java.jasig.cas.user/2007-05/msg00269.html and worked fine the only issue now I am getting is that whenever I log in it redirects me to a page that says Please contact the administrator because you do not have any pages configured. and logs show the following error
20:00:58,848 ERROR [SerializableSessionAttributeListener:52] edu.yale.its.tp.cas
.client.CASReceipt is not serializable and will prevent this session from being
replicated
Any assistance will be much appreciated
Scott Murray, modified 15 years ago.

RE: CAS and Liferay integration

New Member Posts: 11 Join Date: 07-11-12 Recent Posts
Mounir Laaraj:
Hi again,

Now I resolved the issue I had previously by following the steps listed in http://osdir.com/ml/java.jasig.cas.user/2007-05/msg00269.html and worked fine the only issue now I am getting is that whenever I log in it redirects me to a page that says Please contact the administrator because you do not have any pages configured. and logs show the following error
20:00:58,848 ERROR [SerializableSessionAttributeListener:52] edu.yale.its.tp.cas
.client.CASReceipt is not serializable and will prevent this session from being
replicated
Any assistance will be much appreciated


Hi Mounir,

I am having this exact same problem. Were you ever able to figure out a solution?