1. Cas report No Subject Alternative Names Present
2. Cas ‘principal’ cannot be null.
3. Cas error PKIX Path Validation failed.
 

1, cas report No subject alternative names present
1.1 Error Prompt
[org.jasig.cas.client.util.CommonUtils]-[ERROR]java.security.cert.CertificateException: No subject alternative names present
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternativenames present
Atsun. Security. SSL. Alerts. GetSSLException ( Alerts. Java: 192 )
Atsun. Security. SSL. SSLSocketImpl. Fatal ( SSLSocketImpl. Java: 1937 )
Atsun. Security. SSL. Handshaker. FatalSE ( Handshaker. Java: 302 )
Atsun. Security. SSL. Handshaker. FatalSE ( Handshaker. Java: 296 )
1.2 Reasons and Solutions
The reason is that the IP address cannot be used in the URL of THE IP address. Please check whether you use the IP address when accessing the CAS server, such as 127.0.0.1, etc. If the IP address is used, please change it to the domain name; if 127.0.0.1 is used, change it to localhost.
If it still doesn’t work out, you should abandon your environment and build a new one. Run correctly first, then expand and modify on the basis of running. A perfect working environment (just follow the steps) :
http://blog.csdn.net/pucao_cug/article/details/70182968
 
Cas ‘principal’ cannot be null.
2.1 Error Prompt
[org.jasig.cas.web.flow.AuthenticationViaFormAction]- < ‘principal’ cannot be null.
Check the correctness of @Auditannotation at the following audit point: execution(public abstractorg.jasig.cas.authentication.Authenticationorg.jasig.cas.authentication.AuthenticationManager.authenticate(org.jasig.cas.authentication.AuthenticationTransaction))
java.lang.IllegalArgumentException: ‘principal’ cannot be null.
Check the correctness of @Auditannotation at the following audit point: execution(public abstractorg.jasig.cas.authentication.Authenticationorg.jasig.cas.authentication.AuthenticationManager.authenticate(org.jasig.cas.authentication.AuthenticationTransaction))atorg.jasig.inspektr.audit.Au ditActionContext.assertNotNull
2.2 Reasons and solutions
The reason is that your server environment lacks commons-Collections4 jar package, which is needed when cas4.2.7 server reads more information about users from the database. You can download Commons-Collections4-4.1. Jar is added to the server under Web-inf /lib.
If it still doesn’t work out, you should abandon your environment and build a new one. Run correctly first, then expand and modify on the basis of running. A perfect working environment (just follow the steps) :
http://blog.csdn.net/pucao_cug/article/details/70182968
 
Cas error PKIX path validation failed
3.1 Error Prompt
javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException: PKIX path validation failed:java.security.cert.CertPathValidatorException: signature check failed
At sun. Security. SSL. Alerts. GetSSLException (Alerts. Java: 192)
Atsun. Security. SSL. SSLSocketImpl. Fatal (SSLSocketImpl. Java: 1937)
At sun. Security. SSL. Handshaker. FatalSE (Handshaker. Java: 302)
At sun. Security. SSL. Handshaker. FatalSE (Handshaker. Java: 296)
At sun. Security. SSL. ClientHandshaker. ServerCertificate (ClientHandshaker. Java: 1478)
Atsun. Security. SSL. ClientHandshaker. Intrinsic processMessage (ClientHandshaker. Java: 212)
Atsun. Security. SSL. Handshaker. ProcessLoop (Handshaker. Java: 969)
Atsun. Security. SSL. Handshaker. Process_record (Handshaker. Java: 904)
Atsun. Security. SSL. SSLSocketImpl. ReadRecord (SSLSocketImpl. Java: 1050)
Atsun. Security. SSL. SSLSocketImpl. PerformInitialHandshake (SSLSocketImpl. Java: 1363)
Atsun. Security. SSL. SSLSocketImpl. StartHandshake (SSLSocketImpl. Java: 1391)
At sun. Security. SSL. SSLSocketImpl. StartHandshake (SSLSocketImpl. Java: 1375)
Atsun.net.www.protocol.https.HttpsClient.afterConnect (HttpsClient. Java: 563)
Atsun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect (AbstractDelegateHttpsURLConnection. Java: 185)
The at sun.net.www.protocol.http.HttpURLConnection.getInputStream0 (HttpURLConnection. Java: 1512)
Atsun.net.www.protocol.http.HttpURLConnection.getInputStream (HttpURLConnection. Java: 1440)
Atsun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream (HttpsURLConnectionImpl. Java: 254)
Caused by:java.security.SignatureException: Signature does not match.
Atsun. Security. X509. X509CertImpl. Verify (X509CertImpl. Java: 449)
Atsun. Security. The provider. Certpath. BasicChecker. VerifySignature (BasicChecker. Java: 166)
At sun. Security. The provider. Certpath. BasicChecker. Check (BasicChecker. Java: 147)
Atsun. Security. The provider. Certpath. PKIXMasterCertPathValidator. Validate (PKIXMasterCertPathValidator. Java: 119)
… 56 more
3.2 Reasons and solutions
The reason is that one of the things you need to do when using the HTTPS protocol is to generate a secret key library on the CAS server, add a secret key pair entry to the secret key library, export the information and public key to the digital certificate, and then import the digital certificate into the secret key library of the JRE used by the Web container on the CAS client.
If you don’t know how to generate a secret library, add entries, export and import certificates, you can refer to this blog:
http://blog.csdn.net/pucao_cug/article/details/70136159
 
If it still doesn’t work out, you should abandon your environment and build a new one. Run correctly first, then expand and modify on the basis of running. A perfect working environment (just follow the steps) :
http://blog.csdn.net/pucao_cug/article/details/70182968