Thanks for the response Ishara. SSO works fine when the IS public key is
added to the main keystore in ES. Thanks for the clarification.

On Tue, Jul 14, 2015 at 10:10 AM, Ishara Karunarathna <isha...@wso2.com>
wrote:

>
>
> On Tue, Jul 14, 2015 at 9:59 AM, Pavithra Madurangi <pavit...@wso2.com>
> wrote:
>
>>
>>
>> On Tue, Jul 14, 2015 at 9:52 AM, Ishara Karunarathna <isha...@wso2.com>
>> wrote:
>>
>>> Hi,
>>>
>>> On Mon, Jul 13, 2015 at 6:44 PM, Nadeesha Meegoda <nadees...@wso2.com>
>>> wrote:
>>>
>>>> Hi all,
>>>>
>>>> I have a concern regarding the steps followed when configuring a New
>>>> Key store in ES where ES authenticates via IS.
>>>>
>>> I think you have configured SSO with SAML.
>>>
>>>>
>>>> These are the steps followed :
>>>>
>>>> 1. Created a Key store for ES, Imported the key to Client Trust store
>>>> in ES
>>>> 2. Configured ES to work with the new Key store
>>>> 3. Added the ES key to IS Client Trust Store - Note that IS is having
>>>> the default wso2carbon.jks
>>>>
>>>
>>> Here you have created a new keystore and imported your public key to your
>>> existing client-truststore.jks.
>>>
>>> And for the SSO scenario to work, you will have to import the public cert
>>> of IS to your new keystore.
>>>
>>
>> Normally we add certificates from other parties that we expect to
>> communicate with, to trust store (trust store of ES in this case). So
>> instead of doing so, why do we have to add it to key store of ES?
>>
> For the SSL communication, yes, we add trusted public keys to
> client-truststore.jks.
> But in this case we keep IDP public keys in our main keystore.
>
>>
>>> Thanks,
>>> Ishara
>>>
>>>>
>>>> We thought following the above steps will be enough for the Key store
>>>> configurations since ES has the default wso2carbon.jks imported to its
>>>> Client Trust store anyway.
>>>>
>>>> However ES login via IS was not successful due to *not* having the IS
>>>> public key details imported into the key that I created in ES. So ultimately
>>>> the data decryption didn't happen successfully. My concern is that all the
>>>> third party public keys should be imported into the client trust store, not
>>>> to the main key itself. What we do here is we are importing the IS public
>>>> key details to the main key of ES.
>>>>
>>>> My question is do we need to follow all the above with importing the IS
>>>> public key to the main key of ES or 1,2,3 steps would be enough for the New
>>>> key store to work?
>>>>
>>>>
>>>> Thanks & Regards,
>>>> Nadeesha
>>>>
>>>> --
>>>> *Nadeesha Meegoda*
>>>> Software Engineer - QA
>>>> WSO2 Inc.; http://wso2.com
>>>> lean.enterprise.middleware
>>>> email : nadees...@wso2.com
>>>> mobile: +94783639540
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>>
>>>
>>> --
>>> Ishara Karunarathna
>>> Senior Software Engineer
>>> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>>>
>>> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
>>> +94717996791
>>>
>>>
>>>
>>
>>
>> --
>> *Pavithra Madurangi*
>> Associate Technical Lead - QA.
>> WSO2 Inc.: http://wso2.com/
>> Mobile: 0777207357 / 0112747089
>>
>
>
>
> --
> Ishara Karunarathna
> Senior Software Engineer
> WSO2 Inc. - lean . enterprise . middleware |  wso2.com
>
> email: isha...@wso2.com,   blog: isharaaruna.blogspot.com,   mobile:
> +94717996791
>



-- 
*Nadeesha Meegoda*
Software Engineer - QA
WSO2 Inc.; http://wso2.com
lean.enterprise.middleware
email : nadees...@wso2.com
mobile: +94783639540
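
The step this thread settles on, importing the IS public certificate into the keystore ES uses as its main keystore, written as an idempotent shell function. This is an added example, not part of the thread or WSO2's own tooling; the keystore file, alias, password and certificate file names are assumptions, and `keytool` is the standard JDK utility.

```sh
#!/bin/sh
# Added example. All file names, aliases and passwords are placeholders
# (assumptions); substitute the values from your own ES and IS deployments.
KEYTOOL="${KEYTOOL:-keytool}"   # overridable, e.g. with a full JDK path

# ensure_idp_cert KEYSTORE STOREPASS ALIAS CERTFILE
# Imports the IdP (IS) public certificate into the SP (ES) main keystore
# unless an entry with that alias is already present.
# Returns 0 on success, 2 on bad arguments, 3 if the import fails.
ensure_idp_cert() {
    [ "$#" -eq 4 ] || {
        echo "usage: ensure_idp_cert KEYSTORE STOREPASS ALIAS CERTFILE" >&2
        return 2
    }
    ks=$1 pass=$2 entry=$3 cert=$4

    [ -r "$cert" ] || { echo "cannot read certificate: $cert" >&2; return 2; }

    # keytool -list exits non-zero when the alias does not exist.
    if "$KEYTOOL" -list -keystore "$ks" -storepass "$pass" \
        -alias "$entry" >/dev/null 2>&1; then
        echo "alias '$entry' already in $ks, nothing to do"
        return 0
    fi

    # -noprompt skips the interactive trust confirmation, so compare the
    # certificate fingerprint with the IdP operator before running this.
    "$KEYTOOL" -importcert -noprompt -keystore "$ks" -storepass "$pass" \
        -alias "$entry" -file "$cert" >/dev/null 2>&1 || {
        echo "import into $ks failed" >&2
        return 3
    }
    echo "imported '$entry' into $ks"
}

# Run only when called with the four arguments, e.g.
#   sh ensure_idp_cert.sh es-keystore.jks <storepass> is-idp is-public.crt
if [ "$#" -eq 4 ]; then
    ensure_idp_cert "$@"
fi
```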