Hi Asela,

On Fri, Oct 17, 2014 at 12:41 PM, Asela Pathberiya <[email protected]> wrote:

> On Fri, Oct 17, 2014 at 12:20 PM, KasunG Gajasinghe <[email protected]>
> wrote:
> >
> > On Fri, Oct 17, 2014 at 12:14 PM, Darshana Gunawardana <[email protected]>
> > wrote:
> >>
> >> Hi KasunG,
> >>
> >> So this means we gonna get rid of registry keystore in the carbon.xml
> >> right?
>
> Then we have only one keystore in carbon.xml and it would be used for
> encrypt/decrypt? But there are several other places that it has
> been referred by default (Sign SAML, Pass through transport, Thrift
> and so on). I think, it is better to have registry keystore that would
> only be used for encrypt/decrypt.
>

I thought SAML SSO uses KeyStore and not RegistryKeyStore for signing and
encryption, because we need to sign and encrypt using super-tenant keys.

ESB transports' SSL configurations can be specified in axis2.xml if it has
to be different from the one in carbon.xml right..? I am not sure of Thrift
but we should be able to do the same there also.

I fail to see the usage of two separate key stores in carbon.xml apart from
all the SSL configurations. If SSL can be configured in other files then we
should be able to live with one key store right? That will be the super
tenant's primary key store. Unless you want to have a separate key store
when encrypting stuff in the registry which is also OK. In that case also
the registry key store should only be used for registry encryption, if we
are using it for SAML signing it is wrong in my opinion.

Thanks,
Johann.

>
> Thanks,
> Asela.
>
> >>
> >
> > Yes.
> >
> >>
> >> Thanks,
> >> Darshana
> >>
> >> On Fri, Oct 17, 2014 at 12:04 PM, KasunG Gajasinghe <[email protected]>
> >> wrote:
> >>>
> >>> Hi,
> >>>
> >>> In Carbon 4.3.0, we re-added the keyStore configuration to
> >>> catalina-server.xml. It seems some products like ESB use custom
> >>> catalina-server.xml files. So, please make sure to update the customized
> >>> catalina-server.xml to have the keystore configuration as follows.
> >>>
> >>> You need to add the following two attributes into your
> >>> catalina-server.xml under the https connector.
> >>>
> >>>
> >>>   keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
> >>>   keystorePass="wso2carbon"
> >>>
> >>>
> >>> @docs team, please note this change for Carbon 4.3.0.
> >>>
> >>> Regards,
> >>> KasunG
> >>>
> >>>
> >>> --
> >>> Kasun Gajasinghe
> >>> Senior Software Engineer, WSO2 Inc.
> >>> email: kasung AT spamfree wso2.com
> >>> linked-in: http://lk.linkedin.com/in/gajasinghe
> >>> blog: http://kasunbg.org
> >>>
> >>>
> >>>
> >>> _______________________________________________
> >>> Dev mailing list
> >>> [email protected]
> >>> http://wso2.org/cgi-bin/mailman/listinfo/dev
> >>>
> >>
> >>
> >>
> >> --
> >> Regards,
> >>
> >> Darshana Gunawardana
> >> Software Engineer
> >> WSO2 Inc.; http://wso2.com
> >> E-mail: [email protected]
> >> Mobile: +94718566859
> >> Lean . Enterprise . Middleware
> >
> >
> >
> >
> > --
> > Kasun Gajasinghe
> > Senior Software Engineer, WSO2 Inc.
> > email: kasung AT spamfree wso2.com
> > linked-in: http://lk.linkedin.com/in/gajasinghe
> > blog: http://kasunbg.org
> >
> >
> >
> >
>
>
>
> --
> Thanks & Regards,
> Asela
>
> ATL
> Mobile : +94 777 625 933
>              +358 449 228 979
>



-- 
Thanks & Regards,

*Johann Dilantha Nallathamby*
Associate Technical Lead & Product Lead of WSO2 Identity Server
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - *+94777776950*
Blog - *http://nallaa.wordpress.com <http://nallaa.wordpress.com>*
