Hi Alin, Have you been able to start CAS server with the generated keys? How did you manage to generate the required keyStore files and the stscasrealm.jks in the end? Please advice. I am dealing with this for over a week and I'm not able to start CAS server with WS Fed support.
thank you so much. Beni On Thursday, May 3, 2018 at 8:43:18 AM UTC-7, Alin Tomoiaga wrote: > > There are some encryption parameters that I have tried, but I am not sure >> what they do. I generated my own jks with the java keytool and placed them >> at the specified locations. Do these settings have anything to do with the >> cxf error above? Maybe, I tried to generate jks files with keytool, >> otherwise the server does not start, but am I doing it wrong? >> > > > keytool -genkey -alias realmcas -keyalg RSA -validity 10800 -keystore > stscasrealm.jks > keytool -export -alias ralmcas -keystore stscasrealm.jks -rfc -file > X509_certificate.cer > > > > cas.authn.wsfedIdp.idp.realm=urn:org:apereo:cas:ws:idp:realm-CAS > cas.authn.wsfedIdp.idp.realmName=CAS > > cas.authn.wsfedIdp.sts.signingKeystoreFile=/etc/cas/config/ststrust.jks > cas.authn.wsfedIdp.sts.signingKeystorePassword=storepass > > cas.authn.wsfedIdp.sts.encryptionKeystoreFile=/etc/cas/config/stsencrypt.jks > cas.authn.wsfedIdp.sts.encryptionKeystorePassword=storepass > > # cas.authn.wsfedIdp.sts.subjectNameIdFormat=unspecified > # cas.authn.wsfedIdp.sts.encryptTokens=true > > # cas.authn.wsfedIdp.sts.realm.keystoreFile=/etc/cas/config/stscasrealm.jks > # cas.authn.wsfedIdp.sts.realm.keystorePassword=storepass > # cas.authn.wsfedIdp.sts.realm.keystoreAlias=realmcas > # cas.authn.wsfedIdp.sts.realm.keyPassword=cas > # cas.authn.wsfedIdp.sts.realm.issuer=CAS > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/32a90cb8-f564-4837-ba6b-213500e2da32%40apereo.org.