Comments on: JBoss guide: How to enable SSL (HTTPS) on JBoss, as well as other “nice-to-know” configurations http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/ Challenges and solutions within the world of web applications, Jboss and Jsf Thu, 01 Oct 2009 12:44:16 +0000 http://wordpress.com/ hourly 1 By: JbossUser http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-324 JbossUser Fri, 15 May 2009 20:36:06 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-324 I followed the above steps and trying to use https://servername:port/portal/ I get the below error: Secure Connection Failed Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap) Any solution would be very appreciated. Thanks in advance. I followed the above steps and trying to use
https://servername:port/portal/

I get the below error:

Secure Connection Failed
Cannot communicate securely with peer: no common encryption algorithm(s).
(Error code: ssl_error_no_cypher_overlap)

Any solution would be very appreciated. Thanks in advance.

]]> By: Bruno http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-242 Bruno Wed, 18 Mar 2009 23:14:34 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-242 Thanks, Roneiv! You solved my problem. I was trying to bind a jboss webservice with: -b 192.168.1.190 (my local network IP). But my network has a proxy server, wich one doesn't know how to resolve 192.168.1.190 address. IE and Mozilla knows because I set to not use proxy for local adresses (intranet). But jboss is not aware of this information. So I made the bind to -b 0.0.0.0, and jboss deployed the service on . And everything worked fine. Thank you very much! Thanks, Roneiv!

You solved my problem.

I was trying to bind a jboss webservice with:

-b 192.168.1.190 (my local network IP).

But my network has a proxy server, wich one doesn’t know how to resolve 192.168.1.190 address.

IE and Mozilla knows because I set to not use proxy for local adresses (intranet). But jboss is not aware of this information.

So I made the bind to -b 0.0.0.0, and jboss deployed the service on . And everything worked fine.

Thank you very much!

]]> By: Bimal Thapa http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-231 Bimal Thapa Fri, 20 Feb 2009 11:42:31 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-231 Hi roneiv, I am using JBoss Portal Server 2.7.1 and i did exactly what you told to enable SSL, but i must use CAS for SSO. Whenever i start loggin in to JBoss Portal, it shows the CAS login screen, thats fine which is desired, but it fails to validate and the login screen of portal apears which is not desired, as the feature of CAS suggest to login directly into the portal admin control without admin login screen after the login of CAS screen. The error is as follows 17:21:37,548 ERROR [CASReceipt] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-server-webapp-3.3.1/serviceValidate] ticket=[ST-2-5kcz2oDD1ft4CuzKkUnM-cas] service=[http%3A%2F%2Flocalhost%3A8080%2Fportal%2Fauth%2Fportal%2Fdefault%2Fj_security_check] renew=false]] So if you know some links or u know the solution, plz guide me . Hi roneiv,
I am using JBoss Portal Server 2.7.1 and i did exactly what you told to enable SSL, but i must use CAS for SSO. Whenever i start loggin in to JBoss Portal, it shows the CAS login screen, thats fine which is desired, but it fails to validate and the login screen of portal apears which is not desired, as the feature of CAS suggest to login directly into the portal admin control without admin login screen after the login of CAS screen.

The error is as follows

17:21:37,548 ERROR [CASReceipt] edu.yale.its.tp.cas.client.CASAuthenticationException: Unable to validate ProxyTicketValidator [[edu.yale.its.tp.cas.client.ProxyTicketValidator proxyList=[null] [edu.yale.its.tp.cas.client.ServiceTicketValidator casValidateUrl=[https://localhost:8443/cas-server-webapp-3.3.1/serviceValidate] ticket=[ST-2-5kcz2oDD1ft4CuzKkUnM-cas] service=[http%3A%2F%2Flocalhost%3A8080%2Fportal%2Fauth%2Fportal%2Fdefault%2Fj_security_check] renew=false]]

So if you know some links or u know the solution, plz guide me .

]]> By: roneiv http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-222 roneiv Wed, 14 Jan 2009 08:21:05 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-222 David, Thanks for sharing - E - David,

Thanks for sharing

- E -

]]> By: roneiv http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-221 roneiv Wed, 14 Jan 2009 08:19:54 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-221 Rale, Sorry, but you cannot enable both http and https on the same port. You can have both active at the same time, but you would have to use different ports I believe. - E - Rale,

Sorry, but you cannot enable both http and https on the same port. You can have both active at the same time, but you would have to use different ports I believe.

- E -

]]> By: Rale http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-220 Rale Tue, 13 Jan 2009 23:19:48 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-220 Can I somehow enable http and https on jboss, both protocols to listen on same port for example port 8080 an then define only one secured pege to be https address ... Is there a way to do somthin lije that? Can I somehow enable http and https on jboss, both protocols to listen on same port for example port 8080 an then define only one secured pege to be https address …
Is there a way to do somthin lije that?

]]> By: David http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-210 David Tue, 09 Dec 2008 19:29:46 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-210 @NewWithJbossSecurity: I've found that if you enable the SSO valve in the tutorial, you can then send the browser to an https://securesite URL that is protected (via web.xml) thus forcing a login page to appear using https. Once auth succeeds, JBoss will redirect the browser to the orginally requested page (in this case, https://securesite). Inside the JSP for 'securesite', you can detect whether the scheme is https or http. If it's https, you can redirect to the same page, but with an http scheme (you can determine the URL information from the HttpServletRequest object accessible in the JSP or servlet). Keep in mind that if you don't enable the SSO valve, then https authentications will not work to view http resources that have a web.xml auth constraint (JBoss show you a 2nd login page in the http scheme, because http and https don't share cookies). If you enable the SSO valve, then JBoss only requires one login. @NewWithJbossSecurity: I’ve found that if you enable the SSO valve in the tutorial, you can then send the browser to an https://securesite URL that is protected (via web.xml) thus forcing a login page to appear using https.

Once auth succeeds, JBoss will redirect the browser to the orginally requested page (in this case, https://securesite).

Inside the JSP for ’securesite’, you can detect whether the scheme is https or http. If it’s https, you can redirect to the same page, but with an http scheme (you can determine the URL information from the HttpServletRequest object accessible in the JSP or servlet).

Keep in mind that if you don’t enable the SSO valve, then https authentications will not work to view http resources that have a web.xml auth constraint (JBoss show you a 2nd login page in the http scheme, because http and https don’t share cookies). If you enable the SSO valve, then JBoss only requires one login.

]]> By: NewWithJbossSecurity http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-201 NewWithJbossSecurity Thu, 20 Nov 2008 18:51:18 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-201 How about U want to login with https once you login you move back to http Example : http://mainPage.com You want to login ..I have a button on the page Login. On Clicking https://mainPage/auth/ Once ur username and password is authenticated How do u refresh the page to http. How do you configure this with JBOSS How about U want to login
with https
once you login you move back to http

Example :
http://mainPage.com

You want to login ..I have a button on the page Login.
On Clicking
https://mainPage/auth/

Once ur username and password is authenticated
How do u refresh the page to http.

How do you configure this with JBOSS

]]> By: roneiv http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-200 roneiv Wed, 19 Nov 2008 14:26:20 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-200 Diwant, If you only want to have the https and not http you can disable the HTTP connection, only having the HTTPS connector enabled. - Eivind - Diwant,

If you only want to have the https and not http you can disable the HTTP connection, only having the HTTPS connector enabled.

- Eivind -

]]> By: Diwant Vaidya http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-199 Diwant Vaidya Wed, 19 Nov 2008 10:32:05 +0000 http://roneiv.wordpress.com/2008/01/03/jboss-tutorial-how-to-enable-ssl-https-on-jboss-as-well-as-other-nice-to-know-configurations/#comment-199 Nait, When you do the above, https becomes enabled, but http remains accessible. It isn't one or the other. Diwant Nait,

When you do the above, https becomes enabled, but http remains accessible. It isn’t one or the other.

Diwant

]]>