[cas-dev] SAML/Google Apps and key format

Scott Battaglia scott.battaglia at gmail.com
Thu Jun 19 13:30:59 EDT 2008


You're telling it you generated DSA keys.  The doc, I believe, says to change
that to RSA if you are using RSA keys.  Of course it may still fail after
that :-)

Two different people wrote two parts of the documentation.  When I did it I
used DSA keys.  The person who wrote the OpenSSL part used RSA apparently.

-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia

On Thu, Jun 19, 2008 at 1:27 PM, Patrick Berry <pberry at gmail.com> wrote:

> There are 4 files generated in the openssl process:
> private.key
> private.p8
> public.key
> x509.pem
>
> The docs state that the x509.pem goes to Google (and it uploaded just fine
> -- and yes Google does check the format on upload)
>
> Here is the relevant section from my spring config:
>
>         <bean id="casArgumentExtractor"
>               class="org.jasig.cas.web.support.CasArgumentExtractor" />
>
>         <bean id="samlArgumentExtractor"
>               class="org.jasig.cas.web.support.SamlArgumentExtractor" />
>
>         <bean id="privateKeyFactoryBean"
>               class="org.jasig.cas.util.PrivateKeyFactoryBean"
>               p:location="classpath:private.key"
>               p:algorithm="DSA" />
>
>         <bean id="publicKeyFactoryBean"
>               class="org.jasig.cas.util.PublicKeyFactoryBean"
>               p:location="classpath:public.key"
>               p:algorithm="DSA" />
>
>         <bean name="googleAccountsArgumentExtractor"
>               class="org.jasig.cas.web.support.GoogleAccountsArgumentExtractor"
>               p:privateKey-ref="privateKeyFactoryBean"
>               p:publicKey-ref="publicKeyFactoryBean" />
>
>         <util:list id="argumentExtractors">
>                 <ref bean="casArgumentExtractor" />
>                 <ref bean="samlArgumentExtractor" />
>                 <ref bean="googleAccountsArgumentExtractor" />
>         </util:list>
>
> per the wiki docs.
>
> On Thu, Jun 19, 2008 at 10:16 AM, Scott Battaglia <
> scott.battaglia at gmail.com> wrote:
>
>> Pat,
>>
>> The public key needs to be given to Google while the private key stays
>> with you (you=CAS).  The CAS application needs access to both though.
>>
>> As for the OpenSSL generation, I don't use OpenSSL so I'm going to guess
>> that works.  Did you tell CAS you were using RSA and not DSA though?
>>
>> -Scott
>>
>> -Scott Battaglia
>> PGP Public Key Id: 0x383733AA
>> LinkedIn: http://www.linkedin.com/in/scottbattaglia
>>
>> On Thu, Jun 19, 2008 at 1:10 PM, Patrick Berry <pberry at gmail.com> wrote:
>>
>>>  Hi all,
>>> Just about to try out SAML + CAS + Google Apps and I'm going through the
>>> docs in the wiki (http://www.ja-sig.org/wiki/x/fIVc) and something just
>>> isn't working, or I'm doing it wrong (insert LOLPAT picture here).
>>>
>>> Here is the first error:
>>> ERROR [org.springframework.web.context.ContextLoader] - <Context
>>> initialization failed>
>>> org.springframework.beans.factory.BeanCreationException: Error creating
>>> bean with name 'privateKeyFactoryBean' defined in ServletContext resource
>>> [/WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml]:
>>> Invocation of init method failed; nested exception is
>>> java.security.spec.InvalidKeySpecException: Inappropriate key specification:
>>> invalid key format
>>>
>>> (I had tried specifying a file location first, that didn't work so I went
>>> with the class path, and now I get invalid key format instead of
>>> fileNotFound, so you know, progress!)
>>>
>>> I followed the openssl docs copy and paste style from the wiki page:
>>>
>>> openssl genrsa -out private.key 1024
>>> openssl rsa -pubout -in private.key -out public.key -inform PEM -outform DER
>>> openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt -in private.key -out private.p8
>>> openssl req -new -x509 -key private.key -out x509.pem -days 365
>>>
>>>
>>> Now, the part that gets me is that in the
>>> WEB-INF/spring-configuration/argumentExtractorsConfiguration.xml I
>>> specify my public and private key, but the docs mention that I only need the
>>> public key and the public.p8 in the classpath...but I never reference the
>>> private.p8 in the configuration.  Am I wrong?  Are the docs wrong?  Am I not
>>> reading the docs correctly?
>>>
>>> Thanks,
>>> Pat
>>>
>>> _______________________________________________
>>> cas-dev mailing list
>>> cas-dev at tp.its.yale.edu
>>> http://tp.its.yale.edu/mailman/listinfo/cas-dev
>>>
>>>
>>
>>
>>
>
>
>
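Added example (not part of the thread, of CAS, or of the wiki page): the "Inappropriate key specification: invalid key format" error above is decided by what Java's key-spec classes accept. In CAS 3.x the PrivateKeyFactoryBean and PublicKeyFactoryBean read the file bytes into java.security.spec.PKCS8EncodedKeySpec and X509EncodedKeySpec and hand them to KeyFactory.getInstance(algorithm). Both specs take DER only: a PEM private.key straight from "openssl genrsa" (a PKCS#1 RSAPrivateKey in a text wrapper) is rejected before the algorithm is even looked at, which is what the private.p8 step in the OpenSSL recipe exists for, and a PKCS#8 file whose embedded OID says RSA is rejected by a DSA KeyFactory. The Python below classifies the containers OpenSSL writes (PEM label or DER structure plus algorithm OID) and predicts the KeyFactory outcome. The key blobs are constructed placeholders with dummy key material, not real keys, and the function names are this example's own.

```python
"""Classify the key containers OpenSSL writes and predict whether Java's
PKCS8EncodedKeySpec / X509EncodedKeySpec will accept them.  Added example
code; the sample blobs below are constructed placeholders, not real keys."""
import re

OID_NAMES = {"1.2.840.113549.1.1.1": "RSA",   # rsaEncryption
             "1.2.840.10040.4.1": "DSA"}      # id-dsa
PEM_LABELS = {  # PEM labels OpenSSL writes for each container
    "RSA PRIVATE KEY": ("PKCS#1 RSAPrivateKey", "RSA"),
    "DSA PRIVATE KEY": ("OpenSSL DSAPrivateKey", "DSA"),
    "PRIVATE KEY": ("PKCS#8 PrivateKeyInfo", None),
    "PUBLIC KEY": ("SubjectPublicKeyInfo", None)}

def _tlv(data, pos):
    """Read one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _children(body):
    """Split the body of a SEQUENCE into its (tag, value) elements."""
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        out.append((tag, val))
    return out

def _oid(body):
    """Decode the contents of an OBJECT IDENTIFIER into dotted form."""
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)

def _alg_from_algid(algid_body):
    """AlgorithmIdentifier ::= SEQUENCE { OID, parameters }; map OID to a name."""
    tag, oid_val = _children(algid_body)[0]
    return OID_NAMES.get(_oid(oid_val), "unknown") if tag == 0x06 else "unknown"

def classify_key(blob):
    """Return {'encoding', 'container', 'algorithm'} for a key file's bytes."""
    m = re.match(rb"-----BEGIN ([A-Z ]+)-----", blob)
    if m:
        container, alg = PEM_LABELS.get(m.group(1).decode(), ("unknown PEM", None))
        return {"encoding": "PEM", "container": container, "algorithm": alg}
    tag, body, _ = _tlv(blob, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE at offset 0")
    kids = _children(body)
    tags = [t for t, _ in kids]
    if tags[:2] == [0x30, 0x03]:        # SEQUENCE { AlgorithmIdentifier, BIT STRING }
        return {"encoding": "DER", "container": "SubjectPublicKeyInfo",
                "algorithm": _alg_from_algid(kids[0][1])}
    if tags[:3] == [0x02, 0x30, 0x04]:  # SEQUENCE { INTEGER v, AlgorithmIdentifier, OCTET STRING }
        return {"encoding": "DER", "container": "PKCS#8 PrivateKeyInfo",
                "algorithm": _alg_from_algid(kids[1][1])}
    if all(t == 0x02 for t in tags) and len(tags) == 9:   # PKCS#1 RSAPrivateKey
        return {"encoding": "DER", "container": "PKCS#1 RSAPrivateKey", "algorithm": "RSA"}
    if all(t == 0x02 for t in tags) and len(tags) == 6:   # OpenSSL DSAPrivateKey
        return {"encoding": "DER", "container": "OpenSSL DSAPrivateKey", "algorithm": "DSA"}
    return {"encoding": "DER", "container": "unknown", "algorithm": None}

REQUIRED = {"PKCS8EncodedKeySpec": "PKCS#8 PrivateKeyInfo",
            "X509EncodedKeySpec": "SubjectPublicKeyInfo"}

def java_key_spec_accepts(blob, spec, algorithm):
    """Predict KeyFactory.getInstance(algorithm) fed spec(blob): (accepted, reason)."""
    info = classify_key(blob)
    if info["encoding"] != "DER":
        return False, "KeySpec wants raw DER bytes, got PEM (%s)" % info["container"]
    if info["container"] != REQUIRED[spec]:
        return False, "%s needs %s, got %s" % (spec, REQUIRED[spec], info["container"])
    if info["algorithm"] != algorithm:
        return False, "file declares %s but KeyFactory is %s" % (info["algorithm"], algorithm)
    return True, "ok"

# --- constructed sample inputs: placeholder key material, not usable keys ---
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

ALGID_RSA = _der(0x30, _der(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")
ALGID_DSA = _der(0x30, _der(0x06, bytes.fromhex("2a8648ce380401")) + b"\x05\x00")
PKCS8_RSA_DER = _der(0x30, _der(0x02, b"\x00") + ALGID_RSA + _der(0x04, b"\x30\x00"))  # like private.p8
PKCS8_DSA_DER = _der(0x30, _der(0x02, b"\x00") + ALGID_DSA + _der(0x04, b"\x02\x01\x00"))
SPKI_RSA_DER = _der(0x30, ALGID_RSA + _der(0x03, b"\x00\x30\x00"))                       # like public.key
PKCS1_RSA_PEM = (b"-----BEGIN RSA PRIVATE KEY-----\nMIIBOgIBAAJBAL...\n"
                 b"-----END RSA PRIVATE KEY-----\n")     # shape of `openssl genrsa` output

if __name__ == "__main__":
    for label, blob, spec, alg in [
            ("private.key (PEM), algorithm=DSA", PKCS1_RSA_PEM, "PKCS8EncodedKeySpec", "DSA"),
            ("private.p8 (DER), algorithm=DSA", PKCS8_RSA_DER, "PKCS8EncodedKeySpec", "DSA"),
            ("private.p8 (DER), algorithm=RSA", PKCS8_RSA_DER, "PKCS8EncodedKeySpec", "RSA"),
            ("public.key (DER), algorithm=RSA", SPKI_RSA_DER, "X509EncodedKeySpec", "RSA")]:
        print("%-34s -> %s" % (label, java_key_spec_accepts(blob, spec, alg)))
```

Run against real files with open(path, "rb").read(); the first two rows reproduce the two mismatches in the posted configuration (PEM where DER is required, and a DSA KeyFactory on RSA material), the last two are what the OpenSSL recipe's private.p8 and DER public.key look like with p:algorithm="RSA".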