Is there some way to tell if the client is actually using the trust store I
specify?
My filter is set up like:
<filter>
  <filter-name>CAS Validation Filter</filter-name>
  <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
  <init-param>
    <param-name>casServerUrlPrefix</param-name>
    <param-value>https://cas.dev.lafayette.edu/cas</param-value>
  </init-param>
  <init-param>
    <param-name>serverName</param-name>
    <param-value>https://idp2.lafayette.edu</param-value>
  </init-param>
  <init-param>
    <param-name>useSession</param-name>
    <param-value>false</param-value>
  </init-param>
  <init-param>
    <param-name>redirectAfterValidation</param-name>
    <param-value>false </param-value>
  </init-param>
  <init-param>
    <param-name>sslConfigFile</param-name>
    <param-value>/etc/shib-cas/ssl.properties</param-value>
  </init-param>
</filter>
But after restarting Tomcat multiple times, when I `stat` the
`/etc/shib-cas/ssl.properties` file, it appears as though the file has never
been accessed.
The CAS client ultimately fails with a stack trace indicating that it doesn't
trust the cert of the CAS host, which leaves me wondering if (a) there is
something wrong with my truststore, or (b) the `sslConfigFile` is not being
used.
Any ideas?
Thanks,
Carl
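
To separate case (a) from case (b) in the message above, the trust store can be tested on its own, outside Tomcat and the CAS client. The following is an added example, not part of the original post or of the java-cas-client project; the class name TrustStoreCheck is hypothetical, and the property names keyStorePath, keyStorePass and keyStoreType are assumed from the wording used in this thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic (hypothetical class): trusts ONLY the store named in the properties file.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: java TrustStoreCheck <ssl.properties> <host> [port]");
            System.exit(2);
        }
        int port = args.length > 2 ? Integer.parseInt(args[2]) : 443;
        Properties p = new Properties();
        try (InputStream in = new FileInputStream(args[0])) { p.load(in); }
        // Property keys are case-sensitive; print them so a misspelled key is visible.
        System.out.println("keys in file: " + p.stringPropertyNames());
        // Assumed key names, taken from the wording in the thread.
        String path = p.getProperty("keyStorePath");
        String pass = p.getProperty("keyStorePass");
        if (path == null || pass == null) {
            System.err.println("FAIL: keyStorePath/keyStorePass not found (check spelling and case)");
            System.exit(1);
        }

        // A wrong password or a corrupt file throws here, before any network I/O.
        KeyStore ks = KeyStore.getInstance(p.getProperty("keyStoreType", "JKS"));
        try (InputStream in = new FileInputStream(path)) { ks.load(in, pass.toCharArray()); }
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println((ks.isCertificateEntry(alias) ? "trusted cert: " : "key entry:    ") + alias);
        }

        // Build an SSLContext whose only trust anchors are the entries listed above,
        // so the JVM-wide cacerts file cannot mask a gap in this store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        // Chain trust only: a raw SSLSocket does not verify the hostname.
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[1], port)) {
            s.startHandshake(); // SSLHandshakeException here: the store does not trust the server's chain
            System.out.println("OK: handshake succeeded with " + s.getSession().getPeerPrincipal());
        }
    }
}
```

If this succeeds against the CAS host while the CAS client still rejects the certificate, the store itself is sound and the question narrows to whether the client reads the file at all.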
----- Original Message -----
From: "Misagh Moayyed" <[email protected]>
To: [email protected]
Sent: Wednesday, August 5, 2015 11:55:32 AM
Subject: RE: [cas-user] Java CAS client and Trust Store
Yes, that should do it.
> -----Original Message-----
> From: Waldbieser, Carl [mailto:[email protected]]
> Sent: Wednesday, August 5, 2015 8:37 AM
> To: [email protected]
> Subject: Re: [cas-user] Java CAS client and Trust Store
>
> Thanks.
>
> So would something like this be a valid properties file?
>
> #properties=SSL
> #keyStoreType
> keystorePath=/etc/shib-cas/truststore.jks
> keyStorePass=SecretDontTell
> #keyManagerType=SunX509
> #certificatePassword
>
> I.e. the '#' lines are ignored, the 'keyStorePath' is just the path to a
> Java keystore, and the 'keyStorePass' is just the plaintext password?
>
> Thanks,
> Carl
>
> ----- Original Message -----
> From: "Misagh Moayyed" <[email protected]>
> To: [email protected]
> Sent: Wednesday, August 5, 2015 10:01:04 AM
> Subject: RE: [cas-user] Java CAS client and Trust Store
>
> Yes. Look for "sslConfigFile" here in the project's README/docs:
> https://github.com/Jasig/java-cas-client
>
> I don't know if that will stop the client from looking into the Java
> keystore though. Probably not.
>
> > -----Original Message-----
> > From: Waldbieser, Carl [mailto:[email protected]]
> > Sent: Wednesday, August 5, 2015 6:43 AM
> > To: [email protected]
> > Subject: [cas-user] Java CAS client and Trust Store
> >
> >
> > Is there some way to tell the Java CAS client what trust store it
> > should be using?
> >
> > I may be using the incorrect terminology, so put another way: Is there
> > a way to tell the Java CAS client that I want it to trust the CA
> > certificates in a particular keystore file (.jks file) rather than the
> > global Java keystore?
> >
> > Thanks,
> > Carl Waldbieser
> > ITS Systems Programmer
> > Lafayette College
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected] To unsubscribe, change settings or access
> > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user