idp.authn.LDAP.sslConfig set to jvmTrust oddity

Cantor, Scott cantor.2 at
Mon May 11 13:57:20 EDT 2015

On 5/11/15, 1:09 PM, "Jeffrey Crawford" <jeffreyc at> wrote:

>The first scenario is sort of hit or miss so let me figure that one out, but the second issue trying to use the resolver is pretty consistent:
>idp.authn.LDAP.sslConfig                        = jvmTrust
>idp.authn.LDAP.trustCertificates                = %{idp.home}/credentials/ldap-server.crt
>However ldap-server.crt file doesn't exist, then execute:
>shibboleth-idp/bin/ -id shibboleth.AttributeResolverService

That should happen on start up anyway, it shouldn't take a reload. In such a case, that's not a bug, it's just "hey, you chose to configure the attribute resolver with that property and you didn't provide the necessary file". We don't ship a resolver configuration by default that makes use of that property so that there's no "out of box" failure on that. Of course, authentication is a slightly different story, so that part I still think is a concern.

However, if it loads initially but only fails on a reload, that sounds like a bug.

-- Scott
