IDG » Web Sign On » SSOClient - using Apache-style key and crt instead of keystore
/services/idg/services-support/web/sign-on/development/forum/?topic=094d43a23c3dda8f013c618daded6c92

Re: SSOClient - using Apache-style key and crt instead of keystore
/services/idg/services-support/web/sign-on/development/forum/?post=094d43a23c3dda8f013c618daded6c94
Nick Howes, Fri, 03 Feb 2012 11:31:01 GMT

A more recent and minor change – since 1.87, the element and its contents can be omitted – defaults for the values are embedded in the library. It automatically chooses the correct login location based on whether you’re using old or new mode.

\\\
<?xml version="1.0" encoding="UTF-8"?>
true new SSO_USER x-requested-uri https://horses.warwick.ac.uk/shire SSO-SSC-Horses / horses.warwick.ac.uk urn:horses.warwick.ac.uk:stable:service file:/etc/apache2/SSL/horses.warwick.ac.uk.crt file:/etc/apache2/SSL/horses.warwick.ac.uk.key file:/etc/apache2/SSL/terena-ca.crt
\\\

SSOClient - using Apache-style key and crt instead of keystore
/services/idg/services-support/web/sign-on/development/forum/?post=094d43a23c3dda8f013c618daded6c93
Nick Howes, Thu, 19 Jan 2012 11:51:01 GMT

This will be of interest to anyone using SSO Client and cursing Java keystores. Since version 1.84, the library can use a pair of Apache-style crt and key files instead of a Java keystore file. If you’re using Apache to serve HTTPS, you will probably already have these files on your server. The config can point to the same files.

Below is an example SSO Client config file using these credentials. The <credentials> element is new, and the old <keystore> element can be removed entirely. The credentials require the path to a chain file, which contains the intermediate certificates. If you are using Apache to serve HTTPS, you probably already have such a file specified in your config as SSLCertificateChainFile.

\\\
<?xml version="1.0" encoding="UTF-8"?>
true new urn:mace:eduserv.org.uk:athens:provider:warwick.ac.uk https://websignon.warwick.ac.uk/origin/hs https://websignon.warwick.ac.uk/origin/logout https://websignon.warwick.ac.uk/origin/aa SSO_USER x-requested-uri https://horses.warwick.ac.uk/shire SSO-SSC-Horses / horses.warwick.ac.uk urn:horses.warwick.ac.uk:stable:service file:/etc/apache2/SSL/horses.warwick.ac.uk.crt file:/etc/apache2/SSL/horses.warwick.ac.uk.key file:/etc/apache2/SSL/terena-ca.crt
\\\

Download SSO Client: http://build.elab.warwick.ac.uk/artefacts/sso-client/