Hi Alin, Have you been able to start CAS server with the generated keys? How did you manage to generate the required keyStore files and the stscasrealm.jks in the end? Please advice. I am dealing with this for over a week and I'm not able to start CAS server with WS Fed support.
thank you so much. Beni On Thursday, May 3, 2018 at 8:43:18 AM UTC-7, Alin Tomoiaga wrote: > > There are some encryption parameters that I have tried, but I am not sure >> what they do. I generated my own jks with the java keytool and placed them >> at the specified locations. Do these settings have anything to do with the >> cxf error above? Maybe, I tried to generate jks files with keytool, >> otherwise the server does not start, but am I doing it wrong? >> > > > keytool -genkey -alias realmcas -keyalg RSA -validity 10800 -keystore > stscasrealm.jks > keytool -export -alias ralmcas -keystore stscasrealm.jks -rfc -file > X509_certificate.cer > > > > cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS > cas.authn.wsfedIdp.idp.realmName=CAS > > cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks > cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass > > cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks > cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass > > # cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified > # cas.authn.wsfedIdp.sts.encryptTokens=true > > # cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks > # cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass > # cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas > # cas.authn.wsfedIdp.sts.realm.keyPassword=cas > # cas.authn.wsfedIdp.sts.realm.issuer=CAS > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/32a90cb8-f564-4837-ba6b-213500e2da32%40apereo.org.
