[cas-dev] SAML/Google Apps and key format
Scott Battaglia
scott.battaglia at gmail.com
Thu Jun 19 13:16:07 EDT 2008
Pat,
The public key needs to be given to Google while the private key stays with
you (you=CAS). The CAS application needs access to both though.
As for the OpenSSL generation, I don't use OpenSSL so I'm going to guess
that works. Did you tell CAS you were using RSA and not DSA though?
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
On Thu, Jun 19, 2008 at 1:10 PM, Patrick Berry <pberry at gmail.com> wrote:
> Hi all,
> Just about to try out SAML + CAS + Google Apps and I'm going through the
> docs in the wiki (http://www.ja-sig.org/wiki/x/fIVc) and something just
> isn't working, or I'm doing it wrong (insert LOLPAT picture here).
>
> Here is the first error:
> ERROR [org.springframework.web.context.ContextLoader] - <Context
> initialization failed>
> org.springframework.beans.factory.BeanCreationException: Error creating
> bean with name 'privateKeyFactoryBean' defined in ServletContext resource
> [/WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml]:
> Invocation of init method failed; nested exception is
> java.security.spec.InvalidKeySpecException: Inappropriate key specification:
> invalid key format
>
> (I had tried specifying a file location first, that didn't work so I went
> with the class path, and now I get invalid key format instead of
> fileNotFound, so you know, progress!)
>
> I followed the openssl docs copy and paste style from the wiki page:
>
> openssl genrsa -out private.key 1024
> openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
> openssl pkcs8 -topk8 -inform PER -outform DER -nocrypt -in private.key -out private.p8
> openssl req -new -x509 -key private.key -out x509.pem -days 365
>
>
> Now, the part that gets me is that in the
> WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml I specify
> my public and private key, but the docs mention that I only need the public
> key and the public.p8 in the classpath...but I never reference the
> private.p8 in the configuration. Am I wrong? Are the docs wrong? Am I not
> reading the docs correctly?
>
> Thanks,
> Pat
>
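The two causes raised in this thread (RSA vs. DSA, and the key file's encoding) can be reproduced outside CAS. This is an added example, not part of the original messages and not CAS code. It assumes the CAS bean decodes its keys through Java's `KeyFactory` with `PKCS8EncodedKeySpec` and `X509EncodedKeySpec`, which the page does not show; the class name `KeyFormatCheck` and the in-memory key pair are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class KeyFormatCheck {
    // Decode bytes as a PKCS#8 private key; report the outcome instead of aborting.
    static String loadPrivate(String alg, byte[] bytes) throws Exception {
        try {
            KeyFactory.getInstance(alg).generatePrivate(new PKCS8EncodedKeySpec(bytes));
            return "OK";
        } catch (InvalidKeySpecException e) {
            return "InvalidKeySpecException: " + e.getMessage();
        }
    }

    // Decode bytes as an X.509 SubjectPublicKeyInfo public key.
    static String loadPublic(String alg, byte[] bytes) throws Exception {
        try {
            KeyFactory.getInstance(alg).generatePublic(new X509EncodedKeySpec(bytes));
            return "OK";
        } catch (InvalidKeySpecException e) {
            return "InvalidKeySpecException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an RSA key pair generated in memory, nothing read from disk.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] privDer = pair.getPrivate().getEncoded(); // PKCS#8, DER
        byte[] pubDer = pair.getPublic().getEncoded();   // X.509 SubjectPublicKeyInfo, DER
        // The same private key as PEM text, i.e. a file that was never converted to DER.
        byte[] privPem = ("-----BEGIN PRIVATE KEY-----\n"
                + Base64.getMimeEncoder().encodeToString(privDer)
                + "\n-----END PRIVATE KEY-----\n").getBytes(StandardCharsets.US_ASCII);

        System.out.println("RSA factory, PKCS#8 DER private: " + loadPrivate("RSA", privDer));
        System.out.println("RSA factory, X.509 DER public  : " + loadPublic("RSA", pubDer));
        System.out.println("DSA factory, RSA private key   : " + loadPrivate("DSA", privDer));
        System.out.println("RSA factory, PEM text as DER   : " + loadPrivate("RSA", privPem));
        System.out.println("RSA factory, public as private : " + loadPrivate("RSA", pubDer));
    }
}
```

The first two loads succeed and the last three fail with `InvalidKeySpecException`; the exact message text depends on the JDK.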