  1. JOC - JobScheduler Operations Center
  2. JOC-1761

New default handling for truststore settings for LDAPS


Details

    Description

      Current Situation

      Case 1: Setting truststore_path in joc.properties is empty

      • truststore_path from the LDAP identity service is used
      • truststore_password from the LDAP identity service is used
      • truststore_type from the LDAP identity service is used
      • If truststore_path is empty, the system property javax.net.ssl.trustStore is used
      • If truststore_password is empty, the system property javax.net.ssl.trustStorePassword is used
      • If truststore_type is empty, the system property javax.net.ssl.trustStoreType is used

      If truststore_type is null, "PKCS12" is used.

      The truststore_path is absolute or relative to JETTY_BASE/resources/joc.

      Case 2: Setting truststore_path in joc.properties is NOT empty

      • truststore_path from joc.properties is used
      • truststore_password from joc.properties is used
      • truststore_type from joc.properties is used
      • If truststore_path is empty, the system property javax.net.ssl.trustStore is used
      • If truststore_password is empty, the system property javax.net.ssl.trustStorePassword is used
      • If truststore_type is empty, the system property javax.net.ssl.trustStoreType is used

      If truststore_type is null, "PKCS12" is used.

      The truststore_path is absolute or relative to JETTY_BASE/resources/joc.

      Desired Behavior

      The settings in the LDAP identity service take precedence over the settings in joc.properties.

      • truststore_path from the LDAP identity service is used
      • truststore_password from the LDAP identity service is used
      • truststore_type from the LDAP identity service is used
      • If truststore_path is empty, truststore_path from joc.properties is used
      • If truststore_password is empty, truststore_password from joc.properties is used
      • If truststore_type is empty, truststore_type from joc.properties is used
      • If truststore_path is still empty, the system property javax.net.ssl.trustStore is used
      • If truststore_password is still empty, the system property javax.net.ssl.trustStorePassword is used
      • If truststore_type is still empty, the system property javax.net.ssl.trustStoreType is used

      If truststore_type is null, "PKCS12" is used.

      The truststore_path is absolute or relative to JETTY_BASE/resources/joc.

       

      Compatibility

      • When the truststore_path was stored in joc.properties and not in the identity service --> Compatible
      • When the truststore_path was stored in the identity service and not in joc.properties --> Compatible
      • When the truststore_path was stored in the identity service and in joc.properties
        • --> Compatible if it is the same value.
        • --> NOT compatible if these are different values.
          • Possible action: Change or remove the setting so that it matches the truststore in the identity service.
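
      The resolution rules from "Current Situation" and "Desired Behavior" can be modelled side by side to see which effective settings change for a given installation. This is an added example, not code from JOC; the function names and the sample values are assumptions, as is applying the JETTY_BASE/resources/joc resolution to whichever source supplied the path.

```python
from pathlib import PurePosixPath

KEYS = ("truststore_path", "truststore_password", "truststore_type")
SYSPROP = {  # JVM system property consulted last for each setting
    "truststore_path": "javax.net.ssl.trustStore",
    "truststore_password": "javax.net.ssl.trustStorePassword",
    "truststore_type": "javax.net.ssl.trustStoreType",
}

def first_set(*values):
    """Return the first value that is neither None nor blank, else None."""
    return next((v for v in values if v is not None and v.strip()), None)

def finish(eff, jetty_base):
    """Apply the PKCS12 default and resolve a relative truststore path."""
    eff["truststore_type"] = eff["truststore_type"] or "PKCS12"
    if eff["truststore_path"]:
        # Joining with an absolute path keeps the absolute path unchanged.
        base = PurePosixPath(jetty_base, "resources", "joc")
        eff["truststore_path"] = str(base / eff["truststore_path"])
    return eff

def resolve_current(identity, joc, sysprops, jetty_base):
    """Current Situation: truststore_path in joc.properties picks the source."""
    src = joc if first_set(joc.get("truststore_path")) else identity
    eff = {k: first_set(src.get(k), sysprops.get(SYSPROP[k])) for k in KEYS}
    return finish(eff, jetty_base)

def resolve_desired(identity, joc, sysprops, jetty_base):
    """Desired Behavior: identity service, then joc.properties, then JVM."""
    eff = {k: first_set(identity.get(k), joc.get(k), sysprops.get(SYSPROP[k]))
           for k in KEYS}
    return finish(eff, jetty_base)

def changed_settings(identity, joc, sysprops, jetty_base):
    """Names of settings whose effective value differs; values are not returned,
    so the truststore password never ends up in output or logs."""
    old = resolve_current(identity, joc, sysprops, jetty_base)
    new = resolve_desired(identity, joc, sysprops, jetty_base)
    return [k for k in KEYS if old[k] != new[k]]

# Constructed sample input (not taken from a real installation).
JETTY_BASE = "/var/sos/jetty_base"
IDENTITY = {"truststore_path": "ldap-truststore.p12"}
JOC = {"truststore_path": "/etc/joc/truststore.p12",
       "truststore_password": "constructed-secret", "truststore_type": "JKS"}

if __name__ == "__main__":
    print(changed_settings(IDENTITY, JOC, {}, JETTY_BASE))
```

      A non-empty result means LDAPS connections would validate the server certificate against a different truststore after the change, which is the "NOT compatible" case above.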

          People

            Uwe Risse
            Pramokshi Narawariya