: CAS proxy validation failure - Configured TLS trust engine was not used

Cantor, Scott cantor.2 at osu.edu
Tue Aug 18 23:09:59 UTC 2020

On 8/18/20, 6:28 PM, "users on behalf of Brent Putman" <users-bounces at shibboleth.net on behalf of putmanb at georgetown.edu> wrote:

> Probably the REST data connector could trigger, if it's calling the same route for all users (and using TrustEngine TLS). So
> the fact that we haven't seen it there is curious, unless people typically don't do TLS that way with that component.
>    So I'm not 100% on the exact "why" yet.  Will keep investigating.

I definitely do, and my calls are pretty much always to one place (our Grouper deployment). So it's hard to see the difference unless there's some oddness I'm not seeing in how connections are used in the two classes.

The CAS stuff came later I think, might have been modeled on my connector, which I obviously did by copying your examples and working through how it should be done.

But I haven't seen anything. I'll check in my logs going farther back, but it sounds like Paul's seeing it every time so I can't imagine why I'm not.

One obvious difference: basic auth. My connector has that enabled. Maybe that affects how it deals with connections somehow.

-- Scott

More information about the users mailing list