By: Thomas Kuechenthal user 08 Aug 2019 at 6:04 p.m. CDT

2 Responses
Thomas Kuechenthal gravatar
Hi! I really tried hard for a while now, but adding a "trust relation ship" fails when the Metadata Location - URI contains a domain name with a new TLD: Is the URI being checked for validity and is it possible that new Tlds like .cloud are not taking into account yet? Thanks, Thomas

By Aliaksandr Samuseu staff 08 Aug 2019 at 6:18 p.m. CDT

Aliaksandr Samuseu gravatar
Hi, Thomas. I'm not sure what do you mean by "validity check", but as long as oxTrust can use this url to contact the web server and get the document it points to, it's fine. I really doubt oxTrust does any checks of the url itself. 1. Make sure that name resolution works **inside container**; try to `ping` for the `` from in there, and if `ping` can't resolve the name, then oxTrust most surely won't be able too 2. If 1) isn't the issue, make sure that certificate the target server uses for SSL is a universally trusted one; if it's self-signed, oxTrust will most likely reject it and won't be able to download the document; in such case you'll need to add the certificate to Java's truststore inside container and restart "identity" service

By Aliaksandr Samuseu staff 08 Aug 2019 at 6:20 p.m. CDT

Aliaksandr Samuseu gravatar
One more thing: 3. Try to actually request the document **from inside container** - with `wget`, for example; you can substitute `ping` test with it; if `wget` can't download it for any reason, or downloads something else instead of XML document, you'll need to figure out why that happens