On Sun, Oct 19, 2014 at 12:36 AM, Asela Pathberiya <[email protected]> wrote:
> On Sat, Oct 18, 2014 at 5:19 PM, Johann Nallathamby <[email protected]>
> wrote:
> > Hi Asela,
> >
> > On Fri, Oct 17, 2014 at 12:41 PM, Asela Pathberiya <[email protected]>
> > wrote:
> >>
> >> On Fri, Oct 17, 2014 at 12:20 PM, KasunG Gajasinghe <[email protected]>
> >> wrote:
> >> >
> >> > On Fri, Oct 17, 2014 at 12:14 PM, Darshana Gunawardana
> >> > <[email protected]> wrote:
> >> >>
> >> >> Hi KasunG,
> >> >>
> >> >> So this means we gonna get rid of registry keystore in the carbon.xml
> >> >> right?
> >>
> >> Then we have only one keystore in carbon.xml and it would be used for
> >> encrypt/decrypt.. ? But there are several other places that it has
> >> been referred by default (Sign SAML, Pass through transport, Thrift
> >> and so on). I think, it is better to have registry keystore that would
> >> only be used for encrypt/decrypt.
> >
> > I thought SAML SSO uses KeyStore and not RegistryKeyStore for signing and
> > encryption, because we need to sign and encrypt using super-tenant keys.
>
> I meant we use keystore (primary) for Sign SAML, Pass through
> transport, Thrift and so on. Therefore it is not good to use it for
> encrypt/decrypt as well... and it is better to keep separate keystore
> (registry keystore).

+1

> Thanks,
> Asela.
>
> > ESB transports' SSL configurations can be specified in axis2.xml if it has
> > to be different from the one in carbon.xml right..? I am not sure of Thrift
> > but we should be able to do the same there also.
> >
> > I fail to see the usage of two separate key stores in carbon.xml apart from
> > all the SSL configurations. If SSL can be configured in other files then we
> > should be able to live with one key store right? That will be the super
> > tenant's primary key store. Unless you want to have a separate key store
> > when encrypting stuff in the registry which is also OK. In that case also
> > the registry key store should only be used for registry encryption, if we
> > are using it for SAML signing it is wrong in my opinion.
> >
> > Thanks,
> > Johann.
> >>
> >> Thanks,
> >> Asela.
> >>
> >> > Yes.
> >> >
> >> >> Thanks,
> >> >> Darshana
> >> >>
> >> >> On Fri, Oct 17, 2014 at 12:04 PM, KasunG Gajasinghe <[email protected]>
> >> >> wrote:
> >> >>>
> >> >>> Hi,
> >> >>>
> >> >>> In Carbon 4.3.0, we re-added the keyStore configuration to
> >> >>> catalina-server.xml. It seems some products like ESB use custom
> >> >>> catalina-server.xml files. So, please make sure to update the
> >> >>> customized catalina-server.xml to have the keystore configuration
> >> >>> as follows.
> >> >>>
> >> >>> You need to add the following two attributes into your
> >> >>> catalina-server.xml under the https connector.
> >> >>>
> >> >>> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
> >> >>> keystorePass="wso2carbon"
> >> >>>
> >> >>> @docs team, please note this change for Carbon 4.3.0.
> >> >>>
> >> >>> Regards,
> >> >>> KasunG

--
Thanks & Regards,

Johann Dilantha Nallathamby
Associate Technical Lead & Product Lead of WSO2 Identity Server
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - +94777776950
Blog - http://nallaa.wordpress.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
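
Added example, not part of the thread and not WSO2 code: a check for the change KasunG describes, confirming that every https connector in a customized catalina-server.xml carries `keystoreFile` and `keystorePass`, and reporting when `keystorePass` is still the `wso2carbon` value quoted in the thread. The sample XML, the function names and the rule for recognising an https connector (`scheme="https"` or `SSLEnabled="true"`) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Attributes the thread says must be present on the https connector.
REQUIRED = ("keystoreFile", "keystorePass")
# Password value quoted in the thread; assumption: deployments should replace it.
THREAD_PASSWORD = "wso2carbon"

# Constructed sample of a customized catalina-server.xml (not a real product file).
SAMPLE = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="9763" scheme="http"/>
    <Connector port="9443" scheme="https" secure="true" SSLEnabled="true"
               keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
               keystorePass="wso2carbon"/>
    <Connector port="9444" scheme="https" secure="true" SSLEnabled="true"/>
  </Service>
</Server>
"""


def is_https(connector):
    """Assumption: an HTTPS connector sets scheme="https" or SSLEnabled="true"."""
    return (connector.get("scheme", "").lower() == "https"
            or connector.get("SSLEnabled", "").lower() == "true")


def audit_connectors(xml_text):
    """Return a list of (port, finding) tuples for the HTTPS connectors."""
    findings = []
    root = ET.fromstring(xml_text)
    https = [c for c in root.iter("Connector") if is_https(c)]
    if not https:
        findings.append((None, "no https connector found"))
    for conn in https:
        port = conn.get("port", "?")
        for attr in REQUIRED:
            if not conn.get(attr):
                findings.append((port, f"missing {attr}"))
        if conn.get("keystorePass") == THREAD_PASSWORD:
            findings.append((port, "keystorePass is the value quoted in the thread"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print(f"connector port={port}: {finding}")
```
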
