idp.authn.LDAP.sslConfig set to jvmTrust oddity

NPTabunakawai nimcee at
Tue May 12 02:45:19 EDT 2015

Hi Scott, I'm facing similar issues with and would like to
ask, is it possible to retrieve attributes without any TLS/SSL
configuration (and without ldap-server.crt)? Or should
idp.authn.LDAP.sslConfig and trustCertificates always be defined?

On Tue, May 12, 2015 at 6:08 AM, Cantor, Scott <cantor.2 at> wrote:

> On 5/11/15, 1:57 PM, "Cantor, Scott" <cantor.2 at> wrote:
> >On 5/11/15, 1:09 PM, "Jeffrey Crawford" <jeffreyc at> wrote:
> >
> >>The first scenario is sort of hit or miss so let me figure that one out,
> but the second issue trying to use the resolver is pretty consistent:
> >>
> >>In
> >>idp.authn.LDAP.sslConfig                        = jvmTrust
> >>idp.authn.LDAP.trustCertificates                =
> %{idp.home}/credentials/ldap-server.crt
> >>
> >>However ldap-server.crt file doesn't exist, then execute:
> >>shibboleth-idp/bin/ -id
> shibboleth.AttributeResolverService
> >
> >That should happen on start up anyway, it shouldn't take a reload.
> I just tested with a resolver connector using that property with the
> property set to a non-existent file, and the IdP starts but with a failed
> resolver service, no reload involved.
> If you want to fail outright, change the failFast property on that service.
> It's behaving as designed as far as I can see, modulo the question of
> whether we can accommodate commenting it out, which is much harder.
> -- Scott