Help: keystore password can't be set #66
Comments
I ran into this same problem following somewhat similar steps, and whilst I don't have a complete answer yet, let me explain what I think is happening. First of all, this Exception is thrown because Jetty is trying to access your keystore at this location: /shibboleth-idp/credentials/idp-browser.p12. However, this file is not actually a Java keystore, it's just a .p12 file! So there seems to be a missing step in the instructions on how to ensure this p12 file is loaded into Jetty's keystore, and then having Jetty's SSL config pointed at that keystore. If we look at the SSL config for the Keystore variable on the running container, we see the base Jetty setting, and the actual setting which this image uses: Base Setting before Customization Post Customization Setting As I find out more and come up with a fix, I will update this thread.
Actually, my notes above are incorrect - Jetty can handle p12 files as Trust-stores, and the image config is correctly set up to do that, so please ignore the above! On further testing in the container, I see that the correct password is being sent to the keystore at runtime via JETTY_ARGS, and also that this same password can be used on the command line to access the same p12 file. There seems to be some problem with the SSLContext class code using the password; perhaps it is getting mangled or lost somehow... will continue to investigate...
I'm exploring SAML and wanted to use this Docker image to get started. I ran into the same problem. I tried creating the keystore with different tools (Java keygen, OpenSSL (win/linux)). If this image won't start successfully, it is in fact useless? Are there any ongoing investigations or plans to fix the issue?
When running the container, use Be careful to use the exact same password you used when you created the idp-browser.p12 file
make sure you've done this step, and the passwords match:
Followed instructions in the README.md, including adding,
-e JETTY_BROWSER_SSL_KEYSTORE_PASSWORD=changeme
and it still says: Here's what I do: