I'm attempting to enable credential release using ClearPass configuration 
as described in the documentation 
<https://apereo.github.io/cas/5.0.x/integration/ClearPass.html>.

The *Create Keys *section of this page results in the creation of 4 files:

   - private.key
   - public.key
   - private.p8
   - x509.pem

How is the x509.pem file expected to be used in this process?
I suspect that the certificate request is intended to be sent to a CA for 
signing but once that happens, how would the resulting certificate be used?

I was able to configure my application to successfully receive the user 
credential attribute by providing *public.key* to the CAS server.  I'm 
guessing that this is what is meant by the reference to 
"classpath:RSA1024Public.key" in the *Register Service *section.
I was also able to decrypt the encrypted credential attribute by loading 
the private.p8 file with an instance of PKCS8EncodedKeySpec to generate the 
private key from it.

With this functioning correctly, I am puzzled by the purpose of the 
x509.pem file.  Is there some way to configure the service to read the 
public key from a signed unexpired certificate file?

-- 
- CAS gitter chatroom: https://gitter.im/apereo/cas
- CAS mailing list guidelines: https://apereo.github.io/cas/Mailing-Lists.html
- CAS documentation website: https://apereo.github.io/cas
- CAS project website: https://github.com/apereo/cas
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/6a6a28be-e932-4518-a94b-eddf786aa9fe%40apereo.org.

Reply via email to