Daniel (and/or anyone else),
I tried your suggestion but am now getting an UnrecoverableKeyException. (See
my StackOverflow question for reference:
http://stackoverflow.com/questions/24279722/java-spring-unrecoverablekeyexception-with-ssl).
Basically here's my bean:
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
            p:keyStore="file:/etc/myapp/keys.jks"
            p:keyStorePassword="password"
            p:keyStoreType="JKS"
            p:keyStoreAliases="kw-dj93d3j9-29kd-dj9k-dkow-dk3jd93jsjs8" />
    </property>
</bean>
I first tried:
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
            p:trustStore="file:/etc/myapp/keys.jks"
            p:trustStorePassword="password"
            p:trustStoreType="JKS"
            p:trustStoreAliases="kw-dj93d3j9-29kd-dj9k-dkow-dk3jd93jsjs8" />
    </property>
</bean>
But got the exact same exception. The key alias and password are correct. Any
ideas as to what could be going wrong? Thanks in advance!
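
An added diagnostic, not part of the original thread or of ldaptive: in the JDK, `KeyStore.getKey` throws `UnrecoverableKeyException` when a key entry cannot be recovered with the supplied password, for example when the entry's own password differs from the store password. The class name `KeystoreCheck`, the alias `demo-key` and the in-memory PKCS12 sample store are constructed for illustration; pass a keystore path to inspect a real file instead.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.crypto.KeyGenerator;

public class KeystoreCheck {

    // Says whether an alias is a trusted-certificate entry or a key entry, and
    // whether a key entry can be recovered with the given password.
    static String describe(KeyStore ks, String alias, char[] password) throws Exception {
        if (ks.isCertificateEntry(alias)) {
            return alias + ": trusted certificate entry";
        }
        try {
            ks.getKey(alias, password);
            return alias + ": key entry, recoverable with this password";
        } catch (UnrecoverableKeyException e) {
            return alias + ": key entry, NOT recoverable with this password";
        }
    }

    // Constructed sample: one key whose entry password differs from the store password.
    static KeyStore sampleStore(char[] storePass, char[] keyPass) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, storePass);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        ks.setEntry("demo-key", new KeyStore.SecretKeyEntry(kg.generateKey()),
                new KeyStore.PasswordProtection(keyPass));
        return ks;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        char[] pass;
        if (args.length > 0) { // usage: java KeystoreCheck <path> [type]; needs a terminal
            pass = System.console().readPassword("Store password: ");
            ks = KeyStore.getInstance(args.length > 1 ? args[1] : "JKS");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pass);
            }
        } else {
            pass = "store-pass".toCharArray();
            ks = sampleStore(pass, "other-pass".toCharArray());
        }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(describe(ks, alias, pass));
        }
    }
}
```

Run without arguments, it reports the constructed `demo-key` as not recoverable, because the store password is tried against an entry protected with a different one.
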
-----Original Message-----
From: Zac Harvey
Sent: Wednesday, June 18, 2014 2:50 AM
To: '[email protected]'
Subject: RE: [cas-user] CAS: Example of LDAP authentication for CAS 4.0?
And I guess, more importantly, I'm deploying a cas.war in Tomcat, and I have
Tomcat's conf/server.xml file already looking in a custom keystoreFile that is
located under /etc/cas/cas.jks. In this keystore is the SSL cert that I want
CAS to use. Since I'm already instructing Tomcat to use this keystore, I was
hoping to simply reuse it for the Ldaptive CredentialConfig. Any way to do
this so that I *don't* have to specify something like:
<bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
    <property name="credentialConfig">
        <!--
            Since I'm already specifying this in
            $TOMCAT_HOME/conf/server.xml it would be
            nice not to have to specify the keystore a 2nd
            time.
        -->
        <bean class="org.ldaptive.ssl.KeyStoreCredentialConfig"
            p:trustStore="/etc/cas/cas.jks" />
    </property>
</bean>
Any ideas? Thanks again!
-----Original Message-----
From: Zac Harvey
Sent: Wednesday, June 18, 2014 2:42 AM
To: [email protected]
Subject: RE: [cas-user] CAS: Example of LDAP authentication for CAS 4.0?
Thanks Daniel - are there any public CAS projects (that have viewable source
code) that utilize KeyStoreCredentialConfig for Ldaptive?
-----Original Message-----
From: Daniel Fisher [mailto:[email protected]]
Sent: Tuesday, June 17, 2014 7:40 PM
To: [email protected]
Subject: Re: [cas-user] CAS: Example of LDAP authentication for CAS 4.0?
On Tue, Jun 17, 2014 at 4:41 PM, Zac Harvey <[email protected]> wrote:
> <bean id="sslConfig" class="org.ldaptive.ssl.SslConfig">
>     <property name="credentialConfig">
>         <bean class="org.ldaptive.ssl.X509CredentialConfig"
>             p:trustCertificates="mycert" />
>
If you want to use a keystore here you should be using a
KeyStoreCredentialConfig.
See http://www.ldaptive.org/docs/guide/connections#TOC-Trust-Issues
--Daniel Fisher
--
You are currently subscribed to [email protected] as:
[email protected] To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user