idp.authn.LDAP.sslConfig set to jvmTrust oddity
Cantor, Scott
cantor.2 at osu.edu
Mon May 11 14:08:24 EDT 2015
On 5/11/15, 1:57 PM, "Cantor, Scott" <cantor.2 at osu.edu> wrote:
>On 5/11/15, 1:09 PM, "Jeffrey Crawford" <jeffreyc at ucsc.edu> wrote:
>
>>The first scenario is sort of hit or miss so let me figure that one out, but the second issue trying to use the resolver is pretty consistent:
>>
>>In ldap.properties
>>idp.authn.LDAP.sslConfig = jvmTrust
>>idp.authn.LDAP.trustCertificates = %{idp.home}/credentials/ldap-server.crt
>>
>>However ldap-server.crt file doesn't exist, then execute:
>>shibboleth-idp/bin/reload-service.sh -id shibboleth.AttributeResolverService
>
>That should happen on start up anyway, it shouldn't take a reload.
I just tested with a resolver connector using that property with the property set to a non-existent file, and the IdP starts but with a failed resolver service, no reload involved.
If you want to fail outright, change the failFast property on that service.
It's behaving as designed as far as I can see, modulo the question of whether we can accommodate commenting it out, which is much harder.
-- Scott