idp.authn.LDAP.sslConfig set to jvmTrust odity

Jeffrey Crawford jeffreyc at
Mon May 11 13:09:51 EDT 2015

The first scenario is sort of hit or miss so let me figure that one out,
but the second issue trying to use the resolver is pretty consistent:

idp.authn.LDAP.sslConfig                        = jvmTrust
idp.authn.LDAP.trustCertificates                =

However ldap-server.crt file doesn't exist:, then excecute:
shibboleth-idp/bin/ -id shibboleth.AttributeResolverService

Then the idp-process-log file starts error out. If I comment out
idp.authn.LDAP.trustCertificates, then it says it's not set

Jeffrey E. Crawford
ITS Application Administrator (IdM)
jeffreyc at

Both pilots and IT professionals require training and currency before
charging into clouds!

On Fri, May 8, 2015 at 8:24 PM, Cantor, Scott <cantor.2 at> wrote:

> > > but trying to set idp.authn.LDAP.sslConfig=jvmTrust has been making the
> > > software kinda go haywire.
> Can you identify which service you reloaded that caused the error? That
> doesn't seem to be obviously reproducible to me, and really it shouldn't be
> possible. If the file were needed and wasn't present, that should be true
> initially or afterward.
> That might be a function of just being confused about the changes, and
> accidentally putting in a config choice that did actually depend on that
> cert file being present.
> -- Scott
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list