On Tue, Jul 14, 2015 at 9:59 AM, Pavithra Madurangi <pavit...@wso2.com> wrote:

> On Tue, Jul 14, 2015 at 9:52 AM, Ishara Karunarathna <isha...@wso2.com> wrote:
>
>> Hi,
>>
>> On Mon, Jul 13, 2015 at 6:44 PM, Nadeesha Meegoda <nadees...@wso2.com> wrote:
>>
>>> Hi all,
>>>
>>> I have a concern regarding the steps followed when configuring a new key store in ES where ES authenticates via IS.
>>
>> I think you have configured SSO with SAML.
>>
>>> These are the steps followed:
>>>
>>> 1. Created a key store for ES, imported the key to the Client Trust store in ES
>>> 2. Configured ES to work with the new key store
>>> 3. Added the ES key to the IS Client Trust Store - Note that IS is having the default wso2carbon.jks
>>
>> Here you have created a new keystore and imported your public key to your existing client-truststore.jks.
>>
>> And for the SSO scenario to work you will have to import the public cert of IS to your new keystore.
>
> Normally we add certificates from other parties that we expect to communicate with to the trust store (trust store of ES in this case). So instead of doing so, why do we have to add it to the key store of ES?

For the SSL communication, yes, we add trusted public keys to client-truststore.jks. But in this case we keep IDP public keys in our main keystore.

>> Thanks,
>> Ishara
>>
>>> We thought following the above steps would be enough for the key store configurations since ES has the default wso2carbon.jks imported to its Client Trust store anyway.
>>>
>>> However, ES login via IS was not successful due to *not* having the IS public key details imported into the key that I created in ES. So ultimately the data decryption didn't happen successfully. My concern is that all the third-party public keys should be imported into the client trust store, not to the main key itself. What we do here is we are importing the IS public key details to the main key of ES.
>>>
>>> My question is: do we need to follow all the above with importing the IS public key to the main key of ES, or would steps 1, 2, 3 be enough for the new key store to work?
>>>
>>> Thanks & Regards,
>>> Nadeesha
>>>
>>> --
>>> Nadeesha Meegoda
>>> Software Engineer - QA
>>> WSO2 Inc.; http://wso2.com
>>
>> --
>> Ishara Karunarathna
>> Senior Software Engineer
>> WSO2 Inc.
>
> --
> Pavithra Madurangi
> Associate Technical Lead - QA
> WSO2 Inc.: http://wso2.com/

--
Ishara Karunarathna
Senior Software Engineer
WSO2 Inc. - lean . enterprise . middleware | wso2.com
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
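
The step described in the reply above, as an added example that is not part of the thread or of WSO2's own tooling: copy the IdP's (IS) public certificate into the service provider's (ES) new primary keystore with `keytool`, then confirm it landed as a public-only entry with the same fingerprint. The function names, keystore paths, aliases and passwords are assumptions made for the example.

```shell
#!/bin/sh
# Added example; every path, alias and password passed in is a placeholder.

# export_cert KEYSTORE STOREPASS ALIAS OUT_PEM
# Writes only the public certificate; the private key stays in the keystore.
export_cert() {
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# import_trusted_cert KEYSTORE STOREPASS ALIAS CERT_PEM
# Adds the certificate as a trustedCertEntry and refuses to reuse an alias
# that already exists, so the keystore's own key pair cannot be clobbered.
import_trusted_cert() {
    if keytool -list -keystore "$1" -storepass "$2" -alias "$3" >/dev/null 2>&1; then
        echo "alias '$3' already exists in $1" >&2
        return 1
    fi
    keytool -importcert -noprompt -keystore "$1" -storepass "$2" -alias "$3" -file "$4"
}

# entry_type KEYSTORE STOREPASS ALIAS -> PrivateKeyEntry or trustedCertEntry
entry_type() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" |
        grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# fingerprint KEYSTORE STOREPASS ALIAS -> fingerprint as printed by keytool
fingerprint() {
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" |
        awk '/fingerprint/ { print $NF }'
}

# add_idp_cert IDP_KS IDP_PASS IDP_ALIAS SP_KS SP_PASS NEW_ALIAS
# Copies the IdP certificate into the SP's primary keystore, then checks that
# it is a public-only entry whose fingerprint matches the IdP's own.
add_idp_cert() {
    tmp=$(mktemp) || return 1
    rc=0
    { export_cert "$1" "$2" "$3" "$tmp" &&
        import_trusted_cert "$4" "$5" "$6" "$tmp"; } || rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return "$rc"
    [ "$(entry_type "$4" "$5" "$6")" = "trustedCertEntry" ] &&
        [ "$(fingerprint "$1" "$2" "$3")" = "$(fingerprint "$4" "$5" "$6")" ]
}
```

Source the file and call `add_idp_cert` with the IS keystore, its password and alias, then the ES keystore, its password and the new alias; a non-zero return means the import was refused or the verification failed.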