Tech Trek: A Software Engineer's Guide to Code and Beyond

There can be a situation where you want to extract private key from your keystore but it is not a straight forward as we think as It involves two steps i.e. ·          Extracting private key from keystore in PKCS#12 format ·          Converting it to .PEM file Step1: Extracting in PKCS format keytool -v -importkeystore -srckeystore KEYSTORE_NAME -srcalias CERTIFICATE_ALIAS -destkeystore FILE_NAME.p12 -deststoretype PKCS12 Eg: keytool -v -importkeystore -srckeystore keystore.jks -srcalias  application -destkeystore privatekey.p12 -deststoretype PKCS12 Note: If you don’t know the alias name of your certificate then you can display it: keytool -list -v -keystore keystore.jks Step2: Converting it into .PEM FILE openssl pkcs12 -in privatekey.p12 -out private.pem             

Most of the variables created by the SP are controlled by you, and correspond to mapped attributes. A few are built into the SP and can't be renamed. Variable Meaning Shib-Application-ID The  applicationId  property derived for the request. Shib-Session-ID The internal session key assigned to the session associated with the request. Shib-Identity-Provider The  entityID  of the IdP that authenticated the user associated with the request. Shib-Authentication-Instant The ISO timestamp provided by the IdP indicating the time of authentication. Shib-Authentication-Method The  AuthenticationMethod  or  <AuthnContextClassRef>  value supplied by the IdP, if any. Shib-AuthnContext-Class The  AuthenticationMethod  or  <AuthnContextClassRef>  value supplied by the IdP, if any. ...

Today, I have encountered one interesting tool in Shibboleth IdP which will check the resolver, filters and also the metadata so that you can know exactly what will happen in any given situation without starting the IdP. J As a developer, I would say it’s a great tool as you don’t have to restart your IdP again and again after every changes. The name of the tool is (Attribute Authority, Command Line Interface) ACCLI which is located in the IDP_HOME/bin directory and is called aacli.sh or aacli.bat. How it works? Make sure, you have set IDP_HOME to your system environment variable. To check what all attribute it will return for userId SysAdmin and Service Provider EntityId “https://domain.waheedtechblog.com/shibboleth”) aacli.bat --configDir=C:\idp\conf\ --principal=SysAdmin --requester=https://domain1.com/Shibboleth Please check here for detail information.