--- a/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java	Fri May 14 10:27:36 2010 +0200
+++ b/nuxeo-platform-login-cas2/src/main/java/org/nuxeo/ecm/platform/ui/web/auth/cas2/Cas2Authenticator.java	Wed Jun 09 11:47:42 2010 +0200
@@ -21,10 +21,16 @@
 package org.nuxeo.ecm.platform.ui.web.auth.cas2;
 
 import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URL;
+import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
 
+import javax.net.ssl.SSLSocket;
+import javax.net.ssl.SSLSocketFactory;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.parsers.ParserConfigurationException;
@@ -41,11 +47,12 @@
 import edu.yale.its.tp.cas.client.ProxyTicketValidator;
 import edu.yale.its.tp.cas.client.ServiceTicketValidator;

 public class Cas2Authenticator implements NuxeoAuthenticationPlugin,
         NuxeoAuthenticationPluginLogoutExtension {

@@ -248,6 +257,36 @@
         String requestedURI = httpRequest.getRequestURI();
         String context = httpRequest.getContextPath() + '/';
         requestedURI = requestedURI.substring(context.length());
+        // Patch: test if a connection is possible
+        SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
+        try {
+            URL url = new URL(serviceLoginURL);
+            String host = url.getHost();
+            int port = url.getPort();
+            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(host, port);
+            InputStream in = sslsocket.getInputStream();
+            OutputStream out = sslsocket.getOutputStream();
+            
+            out.write(1);
+
+            while (in.available() > 0) {
+                System.out.print(in.read());
+            }
+        } catch (UnknownHostException e1) {
+            log.error("Unknown Host", e1);
+            return false;
+        } catch (IOException e1) {
+            if (e1.getMessage().contains("sun.security.validator.ValidatorException")) {
+                log.warn("Certificate is not signed or verified");
+            } else {
+                return false;
+            }            
+        } catch (Exception exception) {
+            log.error("Exception occured", exception);
+            return false;
+        }
+        // end patch
+
         for (String prefixURL : excludePromptURLs) {
             if (requestedURI.startsWith(prefixURL)) {
                 return false;