idp.authn.LDAP.sslConfig set to jvmTrust oddity
Cantor, Scott
cantor.2 at osu.edu
Mon May 11 13:57:20 EDT 2015
On 5/11/15, 1:09 PM, "Jeffrey Crawford" <jeffreyc at ucsc.edu> wrote:
>The first scenario is sort of hit or miss so let me figure that one out, but the second issue trying to use the resolver is pretty consistent:
>
>In ldap.properties
>idp.authn.LDAP.sslConfig = jvmTrust
>idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
>
>However ldap-server.crt file doesn't exist, then execute:
>shibboleth-idp/bin/reload-service.sh -id shibboleth.AttributeResolverService
That should happen on start up anyway, it shouldn't take a reload. In such a case, that's not a bug, it's just "hey, you chose to configure the attribute resolver with that property and you didn't provide the necessary file". We don't ship a resolver configuration by default that makes use of that property so that there's no "out of box" failure on that. Of course, authentication is a slightly different story, so that part I still think is a concern.
However, if it loads initially but only fails on a reload, that sounds like a bug.
-- Scott
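
A preflight check for the situation discussed in this thread, as an added example that is not part of the original messages or of the Shibboleth project's code: it reads ldap.properties-style text and reports file-valued properties whose target is absent, whatever idp.authn.LDAP.sslConfig is set to. The function names, the FILE_PROPERTIES list and the sample text are assumptions constructed for illustration.

```python
import os
import tempfile

# File-valued properties to verify (assumption: only the one named in this thread).
FILE_PROPERTIES = ("idp.authn.LDAP.trustCertificates",)

def parse_properties(text):
    """Parse simple 'key = value' lines; skips blank lines and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def missing_files(props, idp_home):
    """Return [(property, resolved_path)] for file properties whose target is absent."""
    problems = []
    for name in FILE_PROPERTIES:
        value = props.get(name)
        if value is None:
            continue
        # Expand the %{idp.home} placeholder used in the quoted configuration.
        path = value.replace("%{idp.home}", idp_home)
        if not os.path.isfile(path):
            problems.append((name, path))
    return problems

# Constructed sample mirroring the two lines quoted in the thread.
SAMPLE = """\
idp.authn.LDAP.sslConfig = jvmTrust
idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
"""

def demo():
    """Check the sample against a temporary idp.home, before and after the file exists."""
    with tempfile.TemporaryDirectory() as home:  # stand-in for idp.home
        props = parse_properties(SAMPLE)
        before = missing_files(props, home)
        os.makedirs(os.path.join(home, "credentials"))
        open(os.path.join(home, "credentials", "ldap-server.crt"), "w").close()
        after = missing_files(props, home)
        return props["idp.authn.LDAP.sslConfig"], before, after

if __name__ == "__main__":
    print(demo())
```

Running such a check before start-up or before reload-service.sh surfaces the missing file as a configuration finding rather than as a service failure.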