shibboleth-dev - beta idp: ldap with client cert
Subject: Shibboleth Developers
- From: Jim Fox
- Subject: beta idp: ldap with client cert
- Date: Mon, 24 Sep 2007 14:20:47 -0700 (PDT)
It appears that client cert authentication to an LDAP service
can be made to work for 2.0 with some property definitions in the
LDAP resolver section, e.g.,
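    <!-- Trust store: CA certificates used to verify the LDAP server -->
    <LDAPProperty name="javax.net.ssl.trustStore" value="path_to_truststore" />
    <LDAPProperty name="javax.net.ssl.trustStorePassword" value="store_pw" />
    <!-- Key store: client certificate and private key presented to the server -->
    <LDAPProperty name="javax.net.ssl.keyStore" value="path_to_keystore" />
    <LDAPProperty name="javax.net.ssl.keyStorePassword" value="store_pw" />
    <!-- SASL EXTERNAL: the identity comes from the TLS client certificate -->
    <LDAPProperty name="java.naming.security.authentication" value="EXTERNAL" />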
I know these keystores are the Java way, but they aren't
the shib way. I much preferred using Credential elements.
Jim
P.S. If I can use a <Credential ../> and normal cert and key
files for this, someone please explain how.
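Added example, not part of the original message and not Shibboleth code: in plain Java, ordinary PEM certificate and key files can be loaded into in-memory keystores and turned into an SSLContext, so no keystore file is needed on disk. It does not use the IdP's Credential element; the class name PemClientCert, the aliases and the three file arguments are hypothetical, and the key is assumed to be an unencrypted PKCS#8 RSA key.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class PemClientCert {   // hypothetical class name
    static byte[] read(String p) throws Exception { return Files.readAllBytes(Paths.get(p)); }
    // CertificateFactory accepts a PEM-encoded X.509 certificate directly.
    static Certificate cert(String path) throws Exception {
        return CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(read(path)));
    }
    // Assumes an unencrypted PKCS#8 RSA key ("-----BEGIN PRIVATE KEY-----").
    static PrivateKey key(String path) throws Exception {
        String b64 = new String(read(path), "US-ASCII")
                .replaceAll("-----[A-Z ]+-----", "").replaceAll("\\s", "");
        return KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(b64)));
    }
    // Key managers hold the client identity; trust managers hold the CA for the server.
    static SSLContext build(String certPem, String keyPem, String caPem) throws Exception {
        char[] pw = "in-memory".toCharArray();   // guards the in-memory entry only
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                     // empty store, never written to disk
        ks.setKeyEntry("client", key(keyPem), pw, new Certificate[] { cert(certPem) });
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw);
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        ts.load(null, null);
        ts.setCertificateEntry("ldap-ca", cert(caPem));
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                            // only this CA is trusted for the server
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }
    public static void main(String[] args) throws Exception {   // args: cert.pem key.pem ca.pem
        System.out.println("TLS context ready: " + build(args[0], args[1], args[2]).getProtocol());
    }
}
```

To use such a context with JNDI, the LDAP provider takes the name of a socket factory class in the java.naming.ldap.factory.socket environment property; that class would hand out sockets from ctx.getSocketFactory().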
- beta idp: ldap with client cert, Jim Fox, 09/24/2007
- Re: beta idp: ldap with client cert, Daniel Fisher, 09/24/2007