What client version are you using? > -----Original Message----- > From: Waldbieser, Carl [mailto:waldb...@lafayette.edu] > Sent: Wednesday, August 5, 2015 10:50 AM > To: cas-user@lists.jasig.org > Subject: Re: [cas-user] Java CAS client and Trust Store > > > Is there some way to tell if the client is actually using the trust store > I specify? > My filter is set up like: > > <filter> > <filter-name>CAS Validation Filter</filter-name> > <filter- > class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationF > ilter</filter-class> > <init-param> > <param-name>casServerUrlPrefix</param-name> > <param-value>https://cas.dev.lafayette.edu/cas</param-value> > </init-param> > <init-param> > <param-name>serverName</param-name> > <param-value>https://idp2.lafayette.edu</param-value> > </init-param> > <init-param> > <param-name>useSession</param-name> > <param-value>false</param-value> > </init-param> > <init-param> > <param-name>redirectAfterValidation</param-name> > <param-value>false </param-value> > </init-param> > <init-param> > <param-name>sslConfigFile</param-name> > <param-value>/etc/shib-cas/ssl.properties</param-value> > </init-param> > </filter> > > But after restarting Tomcat multiple times, when I `stat` the `/etc/shib- > cas/ssl.properties` file, it appears as though the file has never been > accessed. > The CAS client ultimately fails with a stack trace indicating that it > doesn't trust the cert of the CAS host, which leaves me wondering if (a) > there is something wrong with my truststore, or (b) the `sslConfigFile` is > not being used. > > Any ideas? > > Thanks, > Carl > > ----- Original Message ----- > From: "Misagh Moayyed" <mmoay...@unicon.net> > To: cas-user@lists.jasig.org > Sent: Wednesday, August 5, 2015 11:55:32 AM > Subject: RE: [cas-user] Java CAS client and Trust Store > > Yes, that should do it. > > > -----Original Message----- > > From: Waldbieser, Carl [mailto:waldb...@lafayette.edu] > > Sent: Wednesday, August 5, 2015 8:37 AM > > To: cas-user@lists.jasig.org > > Subject: Re: [cas-user] Java CAS client and Trust Store > > > > Thanks. > > > > So would something like this be a vlid properties file? > > > > #properties=SSL > > #keyStoreType > > keystorePath=/etc/shib-cas/truststore.jks > > keyStorePass=SecretDontTell > > #keyManagerType=SunX509 > > #certificatePassword > > > > I.e. the '#' lines are ignored, the 'keyStorePath' is just the path to > > a Java keystore, and the 'keyStorePass' is just the plaintext password? > > > > Thanks, > > Carl > > > > ----- Original Message ----- > > From: "Misagh Moayyed" <mmoay...@unicon.net> > > To: cas-user@lists.jasig.org > > Sent: Wednesday, August 5, 2015 10:01:04 AM > > Subject: RE: [cas-user] Java CAS client and Trust Store > > > > Yes. Look for "sslConfigFile" here in the project's README/docs: > > https://github.com/Jasig/java-cas-client > > > > I don't know if that will stop the client from looking into the Java > > keystore though. Probably not. > > > > > -----Original Message----- > > > From: Waldbieser, Carl [mailto:waldb...@lafayette.edu] > > > Sent: Wednesday, August 5, 2015 6:43 AM > > > To: cas-user@lists.jasig.org > > > Subject: [cas-user] Java CAS client and Trust Store > > > > > > > > > Is there some way to tell the Java CAS client what trust store it > > > should be using? > > > > > > I may be using the incorrect terminology, so put another way: Is > > > there a way to tell the Java CAS client that I want it to trust the > > > CA certificates in a particular keystore file (.jks file) rather > > > than the global Java keystore? > > > > > > Thanks, > > > Carl Waldbieser > > > ITS Systems Programmer > > > Lafayette College > > > > > > -- > > > You are currently subscribed to cas-user@lists.jasig.org as: > > > mmoay...@unicon.net To unsubscribe, change settings or access > > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to cas-user@lists.jasig.org as: > > waldb...@lafayette.edu To unsubscribe, change settings or access > archives, > > see http://www.ja-sig.org/wiki/display/JSG/cas-user > > > > -- > > You are currently subscribed to cas-user@lists.jasig.org as: > > mmoay...@unicon.net To unsubscribe, change settings or access > > archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > waldb...@lafayette.edu To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- > You are currently subscribed to cas-user@lists.jasig.org as: > mmoay...@unicon.net To unsubscribe, change settings or access archives, > see http://www.ja-sig.org/wiki/display/JSG/cas-user
-- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
