Hi all, Added the fix with https://github.com/wso2/identity-framework/pull/56 <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2%2Fidentity-framework%2Fpull%2F56&sa=D&sntz=1&usg=AFQjCNHGFnSoXk0ft8OfPCJPKpxN8FBPIg> andhttps://github.com/wso2-extensions/identity-workflow-impl-bps/pull/9 <https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fwso2-extensions%2Fidentity-workflow-impl-bps%2Fpull%2F9&sa=D&sntz=1&usg=AFQjCNHvkb63769rd_OPwTIyyYJYrsFI1w>. Please review.
Thanks! On Fri, Apr 1, 2016 at 10:35 AM, Malithi Edirisinghe <[email protected]> wrote: > > > On Fri, Apr 1, 2016 at 9:37 AM, Darshana Gunawardana <[email protected]> > wrote: > >> >> >> On Friday, 1 April 2016, Malithi Edirisinghe <[email protected]> wrote: >> >>> Hi All, >>> >>> Seems we should not rely on system properties and expect the SSL >>> communication to happen. As it seems when the default SSLContext is being >>> initialized it reads the 'javax.net.ssl.keyStore' property and >>> initializes the key manager. If no property found it will initialize an >>> empty keystore. Once the default context is being initialized it seems to >>> be using the same key manager, irrespective of the property changes. >>> So as I understand, we need to initialize an SSLContext or change >>> default key and trust managers. >>> >>> >> You are referring that either >> * we need to initialize a new SSLContext at the place it communicate with >> mutual >> SSL or >> * Set the keystore and password in the server startup >> >> IMO, we should try first approach and move farward with that if it's >> possible. >> > > Actually I was saying either we should initialize a new SSLContext or we > should change the key manager and trust manager being set in the default > SSLContext without setting system properties at server startup. (We can get > the default context but not sure whether that instance is mutable. Need to > check on that). > >> >> Thanks, >> >> >>> That should set the certificate and let the client communicate. >>> >>> Thanks, >>> Malithi. >>> >>> On Thu, Mar 31, 2016 at 5:39 PM, Malithi Edirisinghe <[email protected]> >>> wrote: >>> >>>> Hi All, >>>> >>>> Mutual SSL worked when I start up the server by setting the key store >>>> and key store password as system properties explicitly. >>>> >>>> sh wso2server.sh -Djavax.net.debug=ssl:handshake:verbose -debug 5005 >>>> -Djavax.net.ssl.keyStore=/Users/malithi/RNDSetups/opensaml-upgraded/wso2is-5.2.0-SNAPSHOT/repository/resources/security/wso2carbon.jks >>>> -Djavax.net.ssl.keyStorePassword=wso2carbon >>>> >>>> >>>> Seems it's getting override. Any idea ? >>>> >>>> Thanks, >>>> >>>> Malithi >>>> >>>> On Thu, Mar 31, 2016 at 10:41 AM, Chandana Napagoda <[email protected]> >>>> wrote: >>>> >>>>> Hi Chamila, >>>>> >>>>> I can only see guava and commons version changes in between >>>>> carbon-registry 4.4.8 to 4.4.9. >>>>> >>>>> Regards, >>>>> Chandana >>>>> >>>>> On Thu, Mar 31, 2016 at 9:11 AM, Chamila Wijayarathna < >>>>> [email protected]> wrote: >>>>> >>>>>> Hi Malithi, >>>>>> >>>>>> I have observed the same issue by only updating carbon-registry from >>>>>> 4.4.8 to 4.4.9. So I believe this happens due to dependency changes >>>>>> occurring when doing that. >>>>>> >>>>>> Thank You! >>>>>> >>>>>> On Wed, Mar 30, 2016 at 11:36 PM, Malithi Edirisinghe < >>>>>> [email protected]> wrote: >>>>>> >>>>>>> Hi All, >>>>>>> >>>>>>> We have upgraded opensaml version from 2.4.1 to 2.6.4 in >>>>>>> carbon-identity 5.0.8. In order to build the product with this opensaml >>>>>>> upgrade we had to update carbon deployment version from 4.5.3 to 4.6.1 >>>>>>> to >>>>>>> avoid wiring to opensaml older version. >>>>>>> >>>>>>> Along with this upgrade we had to upgrade below too. >>>>>>> carbon-kernel 4.4.3 to 4.4.5 >>>>>>> carbon-commons 4.4.8 to 4.5.2 >>>>>>> carbon-registry 4.4.8 to 4.5.2 >>>>>>> carbon-multitenancy 4.5.0 to 4.5.1 >>>>>>> carbon-business-process 4.4.4 to 4.4.7 >>>>>>> carbon-analytics-common 1.0.0 to 5.0.8 >>>>>>> axiom 1.2.11.wso2v6 to >>>>>>> 1.2.11.wso2v10 >>>>>>> rampart 1.6.1.wso2v16 to 1.6.1.wso2v19 >>>>>>> jaggerjs 0.12.2 to 0.12.3 >>>>>>> >>>>>>> However, after this upgrade adding workflows fail, since the client >>>>>>> cannot authenticate to the BPELUploader service via mutual ssl. >>>>>>> This occurs as the client module fails to communicate the client >>>>>>> certificate. >>>>>>> But when I tried the same service for mutual ssl via soap ui and via >>>>>>> a third party client I wrote which uses the same stub packed, it worked. >>>>>>> >>>>>>> Highly appreciate any help. >>>>>>> >>>>>>> Thanks, >>>>>>> Malithi >>>>>>> >>>>>>> -- >>>>>>> >>>>>>> *Malithi Edirisinghe* >>>>>>> Senior Software Engineer >>>>>>> WSO2 Inc. >>>>>>> >>>>>>> Mobile : +94 (0) 718176807 >>>>>>> [email protected] >>>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> *Chamila Dilshan Wijayarathna,* >>>>>> Software Engineer >>>>>> Mobile:(+94)788193620 >>>>>> WSO2 Inc., http://wso2.com/ >>>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> *Chandana Napagoda* >>>>> Senior Software Engineer >>>>> WSO2 Inc. - http://wso2.org >>>>> >>>>> *Email : [email protected]**Mobile : +94718169299 <%2B94718169299>* >>>>> >>>>> *Blog : http://cnapagoda.blogspot.com >>>>> <http://cnapagoda.blogspot.com>* >>>>> >>>>> >>>> >>>> >>>> -- >>>> >>>> *Malithi Edirisinghe* >>>> Senior Software Engineer >>>> WSO2 Inc. >>>> >>>> Mobile : +94 (0) 718176807 >>>> [email protected] >>>> >>> >>> >>> >>> -- >>> >>> *Malithi Edirisinghe* >>> Senior Software Engineer >>> WSO2 Inc. >>> >>> Mobile : +94 (0) 718176807 >>> [email protected] >>> >> >> >> -- >> Regards, >> >> >> *Darshana Gunawardana*Senior Software Engineer >> WSO2 Inc.; http://wso2.com >> >> *E-mail: [email protected] <[email protected]>* >> *Mobile: +94718566859 <%2B94718566859>*Lean . Enterprise . Middleware >> >> > Thanks, > Malithi > > -- > > *Malithi Edirisinghe* > Senior Software Engineer > WSO2 Inc. > > Mobile : +94 (0) 718176807 > [email protected] > -- *Chamila Dilshan Wijayarathna,* Software Engineer Mobile:(+94)788193620 WSO2 Inc., http://wso2.com/
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
