Shibboleth Developers

[Mark Allen Earnest <>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I thought the salt keystore (persistent.jks) was defined in the 
resolver.xml file...

ooooooooooh, NOW I get it :)

<Salt keyStorePath="/conf/persistent.jks" keyStoreKeyAlias="hand
leKey" keyStorePassword="shibhs" keyStoreKeyPassword="shibhs"/>

Yeah, that is the problem, it wants a relative path (reletive to what? I'm 
guessing SHIB_HOME maybe?)

I tried putting the persistent.jks file in $SHIB_HOME/conf and it did not 
work. Do you know where resolvertest is going to be looking for this file 
from if not there?

Mark Earnest
Lead Systems Programmer
Emerging Technologies
The Pennsylvania State University

Public Key - http://www.personal.psu.edu/mxe20/gpgkey.txt

On Wed, 18 Feb 2004, Scott Cantor wrote:

> > The problem is I have verified that the userID is the same, the requester 
> > is the same, and the resolver.xml file is the same. This is why I think 
> > there may be a problem with resolvertest.
> 
> I can't think how, it just acts as a shell around the same body of code. The
> point is that in the list you give above, you don't mention the salt. The
> salt is therefore almost certainly not the same. The salt is in the keystore
> that ant creates/edits when you run the genSalt target.
> 
> Resolvertest uses a sort of "virtual" file loader to locate the salt
> keystore based on the classpath in effect and where the classes get loaded
> from. So it's quite possible to not realize that in that case the salt is
> from a file on disk and in the "deployed case" it might be inside a warfile,
> or at least from a different warfile on the same box.
> 
> -- Scott
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAM7j8ooNLpLZfPIMRAioYAJ9pKYkCkwTZJQxALXCdsZq05t5d2gCfQwjR
flWbi6jvgNLqV0TWioE7ihU=
=Nsrd
-----END PGP SIGNATURE-----