idp.authn.LDAP.sslConfig set to jvmTrust odity
Jeffrey Crawford
jeffreyc at ucsc.edu
Mon May 11 13:09:51 EDT 2015
The first scenario is sort of hit or miss so let me figure that one out,
but the second issue trying to use the resolver is pretty consistent:
In ldap.properties
idp.authn.LDAP.sslConfig = jvmTrust
idp.authn.LDAP.trustCertificates =
%{idp.home}/credentials/ldap-server.crt
However ldap-server.crt file doesn't exist:, then excecute:
shibboleth-idp/bin/reload-service.sh -id shibboleth.AttributeResolverService
Then the idp-process-log file starts error out. If I comment out
idp.authn.LDAP.trustCertificates, then it says it's not set
Jeffrey E. Crawford
ITS Application Administrator (IdM)
831-459-4365
jeffreyc at ucsc.edu
Both pilots and IT professionals require training and currency before
charging into clouds!
---------------------------------------
On Fri, May 8, 2015 at 8:24 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> > > but trying to set idp.authn.LDAP.sslConfig=jvmTrust has been making the
> > > software kinda go haywire.
>
> Can you identify which service you reloaded that caused the error? That
> doesn't seem to be obviously reproducible to me, and really it shouldn't be
> possible. If the file were needed and wasn't present, that should be true
> initially or afterward.
>
> That might be a function of just being confused about the changes, and
> accidentally putting in a config choice that did actually depend on that
> cert file being present.
>
> -- Scott
>
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20150511/2440f43d/attachment.html>
More information about the users
mailing list