Changes between Version 12 and Version 13 of IdPSetup
- Timestamp: 04/01/13 17:19:12 (12 years ago)
IdPSetup
v12 v13 65 65 production !IdPs (heald, hanin) do not have 2.3.0 src... 66 66 ==== Import private CAs as needed ==== 67 As of 2013-0 4-01 UA AD is using certificates signed by a local private CA. Unless that CA's certificate is imported, the IdP will fail to establish connection to the AD server, potentially causing authN failure, but certainly causing a failure in attribute resolution.67 As of 2013-03-30 UA AD is using certificates signed by a local private CA for ldaps. Unless that CA's certificate is imported, the IdP will fail to establish connection to the AD server, potentially causing authN failure, but certainly causing a failure in attribute resolution. 68 68 69 69 Import the CA certificate, per https://wiki.shibboleth.net/confluence/display/SHIB2/IdPAuthUserPass with the following command that MUST be run by root (to write the cacerts file): … … 74 74 }}} 75 75 76 N.B.: as of 2013-04-01, Tech Services is employing a different way to import and make use the CA by pointing Java to a different key store in order to avoid having to re-import the local CA every time Java is updated. It is not known what the long term effect on other CAs will be - whether those certs will be updated if changed by the vendor. 77 78 ''TS needs to provide support and documentation for this change''. 76 79 ==== !DataConnector Failover ==== 77 80 If the data connector encounters an error when trying to retrieve attribute information from the database, one or more failover data connectors can be defined. These connectors are only invoked if this data connector fails (not if simply finds no results) and they are invoked in the order they are listed until one succeeds.
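Review bot: The revised line 67 still does not say where the local private CA certificate comes from or how to verify it before import. The following sentence has root write it into the cacerts file, which is the JRE's default trust store, so a wrong or tampered certificate would be trusted well beyond the ldaps connection to AD. Suggest naming the authoritative source for the CA certificate and adding a fingerprint check against a value obtained out of band before the import step. Narrowing the scope to "for ldaps" is a good clarification. It would also help to state why the date moved from 2013-04-01 to 2013-03-30, for example that this is when the certificate change took effect rather than when it was noticed.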
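Review bot: The added N.B. at line 76 describes "pointing Java to a different key store" but gives neither the key store's location nor how Java is pointed at it, so nobody reading this page can reproduce, audit or roll back the setup. The same line leaves the handling of vendor CA updates as an open question. Suggest recording the store path, the setting used to select it, and whether the store is a copy of the vendor cacerts with the local CA added, since that decides whether vendor changes to other CAs reach it and who is responsible for refreshing it. Two smaller points: "make use the CA" should read "make use of the CA", and the request on line 78 ("TS needs to provide support and documentation for this change") would be easier to track with an owner or ticket reference. A blank line between line 78 and the DataConnector Failover heading on line 79 would match the spacing used before the other headings.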