Tuesday, 2 December 2008

Tomcat only shibboleth-idp2.1 installation: certificate issue

Under shibboleth-idp 1.3 I used to employ the same certificates both for the SSO handler (usually port 443) and the AA handler (port 8443). It was easy, as both were controlled by the Apache web server.

With shibboleth-idp 2.1 the preferred installation method is tomcat-only. Actually, I found it useful to keep Apache in front of the SSO handler, so I could use REMOTE_USER authentication. But port 8443 is handled by tomcat only.

Well: in server.xml the AA-handler connector snippet requires the key and certificate to be held in a keystore. How do you load an existing key into a keystore?

I found no other way than to turn to my old IdP and unleash the power of extkeytool (https://spaces.internet2.edu/display/SHIB/IdPPKIConfig), which is found in the /bin directory of the shibboleth-idp 1.3 package.
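As an added example (not from this post or the Shibboleth project): one way to get an existing PEM key and certificate into a keystore that the tomcat-only AA connector can load without extkeytool is to wrap them into a PKCS12 file with openssl alone; Tomcat's JSSE connector accepts that file with keystoreType="PKCS12". The file paths, the alias "idp" and the demo key pair are assumptions.

```shell
#!/bin/sh
# Build a PKCS12 keystore from an existing PEM key + certificate so the
# tomcat-only AA connector on port 8443 can use them. Hypothetical path:
# the IdP 2.1 tree is assumed to live under /opt/shibboleth-idp.
set -eu

# pem_to_pkcs12 KEY.pem CERT.pem OUT.p12 PASSWORD
# Bundles key and certificate under the alias "idp" (assumed name) and
# keeps the result readable only by its owner, since it holds the key.
pem_to_pkcs12() {
  key=$1; cert=$2; out=$3; pass=$4
  openssl pkcs12 -export \
    -inkey "$key" -in "$cert" \
    -name idp \
    -out "$out" -passout "pass:$pass"
  chmod 600 "$out"
}

# verify_pkcs12 OUT.p12 PASSWORD
# Returns 0 only if openssl can unlock the file with that password and
# finds exactly one end-entity certificate inside it.
verify_pkcs12() {
  n=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null \
      | grep -c 'BEGIN CERTIFICATE' || true)
  [ "$n" -eq 1 ]
}

# Constructed demo material: a throw-away self-signed pair standing in for
# the IdP's real key and certificate (no interactive prompts).
make_demo_pair() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=idp.example.org" \
    -keyout "$1" -out "$2" 2>/dev/null
}

# Matching server.xml connector attributes (Tomcat JSSE connector):
#   keystoreFile="/opt/shibboleth-idp/credentials/idp.p12"
#   keystorePass="<the PASSWORD given above>"
#   keystoreType="PKCS12"

if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d)
  make_demo_pair "$d/idp-key.pem" "$d/idp-cert.pem"
  pem_to_pkcs12 "$d/idp-key.pem" "$d/idp-cert.pem" "$d/idp.p12" changeit
  verify_pkcs12 "$d/idp.p12" changeit && echo "keystore ok: $d/idp.p12"
fi
```

Run with `sh script.sh demo` to exercise it against the constructed pair; for the real IdP, pass the existing key and certificate paths to pem_to_pkcs12 instead.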
