Ok. Based on the docs you want to start with a minimum of 3.3.x. That
should support that option.

There should also be logs that tell you the keystore was loaded
successfully and used. You only see those when an outbound https
connection is made; not on Tomcat startup. 

> -----Original Message-----
> From: Waldbieser, Carl [mailto:[email protected]]
> Sent: Wednesday, August 5, 2015 10:59 AM
> To: [email protected]
> Subject: Re: [cas-user] Java CAS client and Trust Store
> 
> 
> cas-client-core-3.1.12.jar
> 
> Thanks,
> Carl
> 
> ----- Original Message -----
> From: "Misagh Moayyed" <[email protected]>
> To: [email protected]
> Sent: Wednesday, August 5, 2015 1:53:55 PM
> Subject: RE: [cas-user] Java CAS client and Trust Store
> 
> What client version are you using?
> 
> > -----Original Message-----
> > From: Waldbieser, Carl [mailto:[email protected]]
> > Sent: Wednesday, August 5, 2015 10:50 AM
> > To: [email protected]
> > Subject: Re: [cas-user] Java CAS client and Trust Store
> >
> >
> > Is there some way to tell if the client is actually using the trust store
> > I specify?
> > My filter is set up like:
> >
> >     <filter>
> >         <filter-name>CAS Validation Filter</filter-name>
> >         <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
> >         <init-param>
> >             <param-name>casServerUrlPrefix</param-name>
> >             <param-value>https://cas.dev.lafayette.edu/cas</param-value>
> >         </init-param>
> >         <init-param>
> >             <param-name>serverName</param-name>
> >             <param-value>https://idp2.lafayette.edu</param-value>
> >         </init-param>
> >         <init-param>
> >             <param-name>useSession</param-name>
> >             <param-value>false</param-value>
> >         </init-param>
> >         <init-param>
> >             <param-name>redirectAfterValidation</param-name>
> >             <param-value>false </param-value>
> >         </init-param>
> >         <init-param>
> >             <param-name>sslConfigFile</param-name>
> >             <param-value>/etc/shib-cas/ssl.properties</param-value>
> >         </init-param>
> >     </filter>
> >
> > But after restarting Tomcat multiple times, when I `stat` the
> > `/etc/shib-cas/ssl.properties` file, it appears as though the file has
> > never been accessed.
> > The CAS client ultimately fails with a stack trace indicating that it
> > doesn't trust the cert of the CAS host, which leaves me wondering if
> > (a) there is something wrong with my truststore, or (b) the
> > `sslConfigFile` is not being used.
> >
> > Any ideas?
> >
> > Thanks,
> > Carl
> >
> > ----- Original Message -----
> > From: "Misagh Moayyed" <[email protected]>
> > To: [email protected]
> > Sent: Wednesday, August 5, 2015 11:55:32 AM
> > Subject: RE: [cas-user] Java CAS client and Trust Store
> >
> > Yes, that should do it.
> >
> > > -----Original Message-----
> > > From: Waldbieser, Carl [mailto:[email protected]]
> > > Sent: Wednesday, August 5, 2015 8:37 AM
> > > To: [email protected]
> > > Subject: Re: [cas-user] Java CAS client and Trust Store
> > >
> > > Thanks.
> > >
> > > > So would something like this be a valid properties file?
> > > >
> > > >   #properties=SSL
> > > >   #keyStoreType
> > > >   keyStorePath=/etc/shib-cas/truststore.jks
> > >   keyStorePass=SecretDontTell
> > >   #keyManagerType=SunX509
> > >   #certificatePassword
> > >
> > > > I.e. the '#' lines are ignored, the 'keyStorePath' is just the path
> > > > to a Java keystore, and the 'keyStorePass' is just the plaintext
> > > > password?
> > >
> > > Thanks,
> > > Carl
> > >
> > > ----- Original Message -----
> > > From: "Misagh Moayyed" <[email protected]>
> > > To: [email protected]
> > > Sent: Wednesday, August 5, 2015 10:01:04 AM
> > > Subject: RE: [cas-user] Java CAS client and Trust Store
> > >
> > > Yes. Look for "sslConfigFile" here in the project's README/docs:
> > > https://github.com/Jasig/java-cas-client
> > >
> > > I don't know if that will stop the client from looking into the Java
> > > keystore though. Probably not.
> > >
> > > > -----Original Message-----
> > > > From: Waldbieser, Carl [mailto:[email protected]]
> > > > Sent: Wednesday, August 5, 2015 6:43 AM
> > > > To: [email protected]
> > > > Subject: [cas-user] Java CAS client and Trust Store
> > > >
> > > >
> > > > Is there some way to tell the Java CAS client what trust store it
> > > > should be using?
> > > >
> > > > I may be using the incorrect terminology, so put another way: Is
> > > > there a way to tell the Java CAS client that I want it to trust
> > > > the CA certificates in a particular keystore file (.jks file)
> > > > rather than the global Java keystore?
> > > >
> > > > Thanks,
> > > > Carl Waldbieser
> > > > ITS Systems Programmer
> > > > Lafayette College
> > > >
> > > > --
> > > > You are currently subscribed to [email protected] as:
> > > > [email protected] To unsubscribe, change settings or access
> > > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
> > >
> > > --
> > > You are currently subscribed to [email protected] as:
> > > [email protected] To unsubscribe, change settings or access
> > archives,
> > > see http://www.ja-sig.org/wiki/display/JSG/cas-user
> > >
> > > --
> > > You are currently subscribed to [email protected] as:
> > > [email protected] To unsubscribe, change settings or access
> > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected] To unsubscribe, change settings or access
> archives,
> > see http://www.ja-sig.org/wiki/display/JSG/cas-user
> >
> > --
> > You are currently subscribed to [email protected] as:
> > [email protected] To unsubscribe, change settings or access
> > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access
archives,
> see http://www.ja-sig.org/wiki/display/JSG/cas-user
> 
> --
> You are currently subscribed to [email protected] as:
> [email protected] To unsubscribe, change settings or access archives,
> see http://www.ja-sig.org/wiki/display/JSG/cas-user

-- 
You are currently subscribed to [email protected] as: 
[email protected]
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-user
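
One way to test possibility (a) from the thread in isolation, without involving the CAS client: load only the JKS file and attempt a TLS handshake with the CAS host. This is an added example, not code from the thread or from java-cas-client; the class name `TrustStoreCheck` is hypothetical, and the path and host in the usage comment are the ones quoted in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical stand-alone check (added example, not part of java-cas-client).
// Usage: java TrustStoreCheck /etc/shib-cas/truststore.jks <password> cas.dev.lafayette.edu 443
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: TrustStoreCheck <jks-path> <password> <host> <port>");
            System.exit(2);
        }
        // Load only the given JKS file; the JVM's default cacerts is never consulted.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            trustStore.load(in, args[1].toCharArray()); // wrong password or corrupt file throws IOException
        }
        for (String alias : Collections.list(trustStore.aliases())) {
            System.out.println((trustStore.isCertificateEntry(alias) ? "certificate entry: " : "key entry: ") + alias);
        }
        if (trustStore.size() == 0) {
            System.err.println("FAIL: " + args[0] + " contains no entries");
            System.exit(1);
        }
        // Build an SSLContext whose trust decisions come solely from the loaded file.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], Integer.parseInt(args[3]))) {
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name, as HTTPS clients do
            socket.setSSLParameters(params);
            socket.startHandshake(); // certificate chain validation happens here
            System.out.println("OK: " + args[2] + " is trusted by " + args[0]);
        } catch (SSLHandshakeException e) {
            System.err.println("FAIL: handshake rejected: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

If this handshake succeeds while the web application still reports an untrusted certificate, the trust store itself is sound and the remaining question is whether the client reads it.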