Friday, November 13, 2009

Incorrect AVA format

Got this error when trying to create a keystore.

c:\3960\glassfish\domains\domain1\config>keytool -genkey -keyalg RSA -keystore amkeystore.jks -validity 365 -alias "fam8" -dname "amqa-x2100-01.red.iplanet.com,ou=identity,o=sun.com,L=santa clara, ST=CA, C=US"
Enter keystore password:
Re-enter new password:
keytool error: java.io.IOException: Incorrect AVA format

This was because I had an incorrect dname.
It should be "cn=amqa-x2100-01.red.iplanet.co...........
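
A dname is a comma-separated list of attribute=value pairs (AVAs), and the one above starts with a bare host name. The following pre-check is an added example, not part of the original post and not keytool's own parser; it does a simplified structural check and reports which component is missing its attribute type. The function names and the host.example.com sample are assumptions made for illustration.

```python
import re

# Attribute type: a keyword such as CN/OU/O/L/ST/C, or a dotted numeric OID.
_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)$")


def split_rdns(dname):
    """Split on commas that are neither backslash-escaped nor inside quotes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(dname):
        ch = dname[i]
        if ch == "\\" and i + 1 < len(dname):
            buf.append(dname[i:i + 2])  # keep the escaped character as-is
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def bad_avas(dname):
    """Return (position, text) for each component that is not type=value."""
    problems = []
    for pos, part in enumerate(split_rdns(dname), start=1):
        attr_type, sep, _value = part.strip().partition("=")
        if not sep or not _TYPE.match(attr_type.strip()):
            problems.append((pos, part.strip()))
    return problems


# The dname from the failing command above, verbatim.
FAILING = ("amqa-x2100-01.red.iplanet.com,ou=identity,o=sun.com,"
           "L=santa clara, ST=CA, C=US")
# Constructed well-formed dname; the host name is a placeholder.
WELL_FORMED = "cn=host.example.com,ou=identity,o=sun.com,L=santa clara,ST=CA,C=US"

if __name__ == "__main__":
    for name in (FAILING, WELL_FORMED):
        print(bad_avas(name) or "ok")
```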

Wednesday, November 4, 2009

Some not-so-common ssoadm examples

The ssoadm command-line utility that comes with OpenSSO is indeed a very handy little tool.
Here are a few examples of some not-so-common usages of ssoadm, which I learnt and want to share.

1) Here was a request to the users alias: "does someone know the ssoadm command to change signature algorithm for saml2 assertion (typically to choose RSA-SHA256)? (corresponding to the gui for the admin console in Configuration/Global/federation/Signature)"

You should be able to use "ssoadm set-attr-defs" to set the signature algorithm and "ssoadm get-attr-defs" to see the updated value.

./ssoadm set-attr-defs -s sunFAMFederationCommon -t Global -u amadmin -f /usr/tmp/pass -a "SignatureAlgorithm=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
bash-3.00# ./ssoadm get-attr-defs -s sunFAMFederationCommon -t Global -u amadmin -f /usr/tmp/pass
(Thanks Charles)