LDAP SSL with its own JKS on IDP?
Daniel Fisher
dfisher at vt.edu
Wed Oct 16 15:05:55 EDT 2013
On Tue, Oct 15, 2013 at 3:38 PM, Byte Flinger <byteflinger at gmail.com> wrote:
> Unfortunately it is not an option for me.
> Is that a limitation of the product? Push comes to shove I could use the
> java keystore but I'd rather keep it in a separate keystore if possible.
>
I think your best course of action would be to switch to ldaptive (www.ldaptive.org) for the JAAS config.
While you can do this with vt-ldap, the list of caveats and gotchas is more than I would like.
ShibUserPassAuth {
    org.ldaptive.jaas.LdapLoginModule required
        ldapUrl="ldap://directory.com"
        baseDn="ou=people,dc=com"
        useSSL="true"
        userFilter="(uid={user})"
        credentialConfig="org.ldaptive.ssl.KeyStoreCredentialConfig{{trustStore=file:/path/to/my/truststore}}";
};
Let me know if that does what you want.
--Daniel Fisher
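Before wiring a separate truststore into the JAAS config above, it is worth confirming that the JKS file really validates the directory server's certificate chain, with hostname checking, and nothing else. The following is an added example (not from the thread, ldaptive or the Shibboleth project) using only JDK JSSE classes; the host name, port 636, the truststore path and the "changeit" password are placeholder assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Checks that a dedicated JKS truststore validates the LDAP server's certificate chain. */
public class LdapTrustStoreCheck {

    /** Builds an SSLContext that trusts only the CA certificates in the given JKS file. */
    static SSLContext contextFromTrustStore(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client keys; trust comes from the JKS only
        return ctx;
    }

    /** Opens a TLS connection to host:port and completes the handshake with hostname verification. */
    static boolean handshakeSucceeds(SSLContext ctx, String host, int port) {
        SSLSocketFactory factory = ctx.getSocketFactory();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS"); // match the certificate name against host
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws if the chain or the host name does not verify
            return true;
        } catch (Exception e) {
            System.err.println("TLS handshake failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions): replace with the real directory host and truststore path.
        String host = args.length > 0 ? args[0] : "directory.example.com";
        String trustStore = args.length > 1 ? args[1] : "/path/to/my/truststore";
        SSLContext ctx = contextFromTrustStore(trustStore, "changeit".toCharArray());
        System.out.println(handshakeSucceeds(ctx, host, 636)
            ? "truststore validates the server" : "truststore does not validate the server");
    }
}
```

A failed handshake here means the JAAS entry would fail for the same reason (missing issuer in the JKS, expired chain, or a name mismatch), so it is the first thing to check when the IdP login module reports an SSL error.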