Github as Identity Provider
Vrinda edited this page Apr 17, 2023 · 1 revision
- Verify Github's certificate CA in JDK Truststore.
- Create Github as Identity Provider in the `dcm4che` realm exactly as mentioned. Except for `Client ID` and `Client Secret`, which one gets from Github, the remaining field values are unchanged and set to defaults.
- Download the PEM certificate from `View Page Info -> Security -> View Certificate -> Global Sign` from Github's website.
- From JDK 11 onwards, Github Trust Services DigiCert High Assurance EV is part of the default set of root Certification Authority (CA) certificates. Verify that the CA is available in the JDK truststore.
  ```
  keytool -list -v -keystore /usr/lib/jvm/java-13-oracle/lib/security/cacerts
  ```

  ```
  Alias name: debian:digicert_high_assurance_ev_root_ca.pem
  Creation date: May 14, 2019
  Entry type: trustedCertEntry

  Owner: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
  Serial number: 2ac5c266a0b409b8f0b79f2ae462577
  Valid from: Fri Nov 10 01:00:00 CET 2006 until: Mon Nov 10 01:00:00 CET 2031
  Certificate fingerprints:
       SHA1: 5F:B7:EE:06:33:E2:59:DB:AD:0C:4C:9A:E6:D3:8F:1A:61:C7:DC:25
       SHA256: 74:31:E5:F4:C3:C1:CE:46:90:77:4F:0B:61:E0:54:40:88:3B:A9:A0:1E:D0:0B:A6:AB:D7:80:6E:D3:B1:18:CF
  Signature algorithm name: SHA1withRSA
  Subject Public Key Algorithm: 2048-bit RSA key
  Version: 3

  Extensions:

  #1: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....
  0010: 63 64 2B C3 cd+.
  ]
  ]

  #2: ObjectId: 2.5.29.19 Criticality=true
  BasicConstraints:[
    CA:true
    PathLen:2147483647
  ]

  #3: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
    DigitalSignature
    Key_CertSign
    Crl_Sign
  ]

  #4: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: B1 3E C3 69 03 F8 BF 47 01 D4 98 26 1A 08 02 EF .>.i...G...&....
  0010: 63 64 2B C3 cd+.
  ]
  ]
  ```
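- If this is not available or one has an older JDK version, add Github's CA to the JDK truststore.

  ```
  # cacerts is a binary keystore, so import the PEM with keytool rather than appending it.
  # "github-ca" is an arbitrary alias; the stock cacerts password is "changeit".
  sudo keytool -importcert -trustcacerts -alias github-ca \
    -file /Downloads/github-com.pem \
    -keystore /usr/lib/jvm/<JDKOlderThan11>/lib/security/cacerts
  ```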