Details

    • Story Points: 0.5
    • Sprint: 2020.04 - IDM

      Description

      Not able to configure a PKCS12 keystore type in IDM.

      Goal: Use a PKCS12 keystore in IDM

      Steps to reproduce:

      1) Convert the default JKS keystore to PKCS12:

      keytool -importkeystore -srckeystore keystore.jceks -srcstoretype jceks -srcstorepass changeit -destkeystore keystore.pkcs12 -deststoretype pkcs12 -deststorepass changeit

      2) Edit the conf/secrets.json file to point to the new PKCS12 keystore and change the following:

      "config": {
            "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.pkcs12}",
            "storetype": "&{openidm.keystore.type|PKCS12}",
            "providerName": "&{openidm.keystore.provider|SunJSSE}",
            "storePassword": "&{openidm.keystore.password|changeit}",
           ....
      

      3) Restart IDM. 

      This is what is displayed in the logs:

       

      [12] Mar 16, 2020 1:25:53.845 PM org.forgerock.openidm.secrets.config.ConfigurationReader readConfiguration
      SEVERE: Unable to read secrets configuration
      com.fasterxml.jackson.databind.exc.InvalidFormatException: Cannot deserialize value of type `org.forgerock.openidm.secrets.keystore.KeyStoreType` from String "PKCS12": not one of the values accepted for Enum class: [JKS, PKCS11, JCEKS]
       at [Source: (String)"{
       "stores": [
       {
       "name": "mainKeyStore",
       "class": "org.forgerock.openidm.secrets.config.FileBasedStore",
       "config": {
       "file": "/opt/openidm/prod/security/keystore.pkcs12",
       "storetype": "PKCS12",
       "providerName": "SunJSSE",
       "storePassword": "changeit",
       "mappings": [
       {
       "secretId" : "idm.default",
       "types": [ "ENCRYPT", "DECRYPT" ],
       "aliases": [ "openidm-sym-default" ]
       },
       {
      "[truncated 1420 chars]; line: 8, column: 22] (through reference chain: org.forgerock.openidm.secrets.config.Secrets["stores"]->java.util.ArrayList[0]->org.forgerock.openidm.secrets.config.FileBasedStore["config"]->org.forgerock.openidm.secrets.config.FileBasedConfig["storetype"])

       

              People

              • Assignee: cgdrake Chris Drake
              • Reporter: dennis.andrade Dennis Andrade