This will be of interest to anyone using SSO Client and cursing Java
keystores. Since version 1.84, the library can use a pair of Apache-style
crt and key files instead of a Java keystore file. If you’re using Apache to
serve HTTPS, you will probably already have these files on your server. The
config can point to the same files.
Below is an example SSO Client config file using these credentials. The
element is new, and the old element can be removed
entirely. The credentials require the path to a chain file, which contains
the intermediate certificates. If you are using Apache to serve HTTPS, you
probably already have such a file specified in your config as
SSLCertificateChainFile.
\\\ true new
urn:mace:eduserv.org.uk:athens:provider:warwick.ac.uk <>
https://websignon.warwick.ac.uk/origin/hs
https://websignon.warwick.ac.uk/origin/logout
https://websignon.warwick.ac.uk/origin/aa
SSO_USER x-requested-uri
https://horses.warwick.ac.uk/shire
SSO-SSC-Horses / horses.warwick.ac.ukurn:horses.warwick.ac.uk:stable:service
<> file:/etc/apache2/SSL/horses.warwick.ac.uk.crt <>
file:/etc/apache2/SSL/horses.warwick.ac.uk.key <>
file:/etc/apache2/SSL/terena-ca.crt <> \\\ Download SSO Client
Web Sign On
Web Sign On
SSOClient - using Apache-style key and crt instead of keystore
You need to be logged in to post in this topic.
-
0 likes
-
Re: SSOClient - using Apache-style key and crt instead of keystoreA more recent and minor change – since 1.87, the element and its contents can be omitted – defaults for the values are embedded in the library. It automatically chooses the correct login location based on whether you’re using old or new mode. \\\ true new SSO_USER x-requested-urihttps://horses.warwick.ac.uk/shire0 likes