On Sat, Oct 18, 2014 at 5:19 PM, Johann Nallathamby <joh...@wso2.com> wrote:
> Hi Asela,
>
> On Fri, Oct 17, 2014 at 12:41 PM, Asela Pathberiya <as...@wso2.com> wrote:
>>
>> On Fri, Oct 17, 2014 at 12:20 PM, KasunG Gajasinghe <kas...@wso2.com>
>> wrote:
>> >
>> > On Fri, Oct 17, 2014 at 12:14 PM, Darshana Gunawardana
>> > <darsh...@wso2.com>
>> > wrote:
>> >>
>> >> Hi KasunG,
>> >>
>> >> So this means we gonna get rid of registry keystore in the carbon.xml
>> >> right?
>>
>> Then we have only one keystore in carbon.xml and it would be used for
>> encrypt/decrypt.. ? But there are several other places that it has
>> been referred by default (Sign SAML, Pass through transport, Thrift
>> and so on). I think, it is better to have registry keystore that would
>> only be used for encrypt/decrypt.
>
>
> I thought SAML SSO uses KeyStore and not RegistryKeyStore for signing and
> encryption, because we need to sign and encrypt using super-tenant keys.

I meant we use keystore (primary) for Sign SAML, Pass through transport,
Thrift and so on. Therefore it is not good to use it for encrypt/decrypt
as well... and it is better to keep separate keystore (registry keystore).

Thanks,
Asela.

>
> ESB transports' SSL configurations can be specified in axis2.xml if it has
> to be different from the one in carbon.xml right..? I am not sure of Thrift
> but we should be able to do the same there also.
>
> I fail to see the usage of two separate key stores in carbon.xml apart from
> all the SSL configurations. If SSL can be configured in other files then we
> should be able to live with one key store right? That will be the super
> tenant's primary key store. Unless you want to have a separate key store
> when encrypting stuff in the registry which is also OK. In that case also
> the registry key store should only be used for registry encryption, if we
> are using it for SAML signing it is wrong in my opinion.
>
> Thanks,
> Johann.
>>
>>
>> Thanks,
>> Asela.
>>
>> >
>> > Yes.
>> >
>> >>
>> >> Thanks,
>> >> Darshana
>> >>
>> >> On Fri, Oct 17, 2014 at 12:04 PM, KasunG Gajasinghe <kas...@wso2.com>
>> >> wrote:
>> >>>
>> >>> Hi,
>> >>>
>> >>> In Carbon 4.3.0, we re-added the keyStore configuration to
>> >>> catalina-server.xml. It seems some products like ESB use custom
>> >>> catalina-server.xml files. So, please make sure to update the
>> >>> customized
>> >>> catalina-server.xml to have the keystore configuration as follows.
>> >>>
>> >>> You need to add the following two attributes into your
>> >>> catalina-server.xml under the https connector.
>> >>>
>> >>>
>> >>> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
>> >>> keystorePass="wso2carbon"
>> >>>
>> >>>
>> >>> @docs team, please note this change for Carbon 4.3.0.
>> >>>
>> >>> Regards,
>> >>> KasunG
>> >>>
>> >>>
>> >>> --
>> >>> Kasun Gajasinghe
>> >>> Senior Software Engineer, WSO2 Inc.
>> >>> email: kasung AT spamfree wso2.com
>> >>> linked-in: http://lk.linkedin.com/in/gajasinghe
>> >>> blog: http://kasunbg.org
>> >>>
>> >>> _______________________________________________
>> >>> Dev mailing list
>> >>> Dev@wso2.org
>> >>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>> >>
>> >> --
>> >> Regards,
>> >>
>> >> Darshana Gunawardana
>> >> Software Engineer
>> >> WSO2 Inc.; http://wso2.com
>> >> E-mail: darsh...@wso2.com
>> >> Mobile: +94718566859
>> >> Lean . Enterprise . Middleware
>> >
>> > --
>> > Kasun Gajasinghe
>> > Senior Software Engineer, WSO2 Inc.
>> > email: kasung AT spamfree wso2.com
>> > linked-in: http://lk.linkedin.com/in/gajasinghe
>> > blog: http://kasunbg.org
>>
>> --
>> Thanks & Regards,
>> Asela
>>
>> ATL
>> Mobile : +94 777 625 933
>>          +358 449 228 979
>
> --
> Thanks & Regards,
>
> Johann Dilantha Nallathamby
> Associate Technical Lead & Product Lead of WSO2 Identity Server
> Integration Technologies Team
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +94777776950
> Blog - http://nallaa.wordpress.com

--
Thanks & Regards,
Asela

ATL
Mobile : +94 777 625 933
         +358 449 228 979