Reputation: 177
I am new to SSO and the Spring SAML extension. I have implemented the Spring SAML extension in our application, where our application acts as an SP. I have the following questions related to our requirement.
1) I would like to understand the use of samlKeystore.jks in the Spring SAML extension.
2) I would like to know if we can skip the use of samlKeystore.jks in any manner. Basically, the reason for this is that the client can give us information on just the metadata and nothing apart from that. If we are using samlKeystore.jks, do we need anything else?
Upvotes: 1
Views: 1990
Reputation: 15533
The keystore is used for storage of private certificates used to digitally sign messages created by the Service Provider and to decrypt messages sent from Identity Providers.
Spring SAML currently requires you to have at least a default key available, even in case it won't get used.
Upvotes: 0
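An added example, not part of the original answers: one way to wire the default key the answer above refers to, using Spring SAML's `JKSKeyManager` in Java configuration. The key pair is generated by the Service Provider itself; the keystore path, alias `sp-signing` and environment variable names are assumptions for illustration.

```java
import java.util.Collections;
import java.util.Map;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;

// The SP's own key pair can be created with the JDK's keytool, for example:
//   keytool -genkeypair -alias sp-signing -keyalg RSA -keysize 2048 \
//           -validity 365 -keystore samlKeystore.jks
@Configuration
public class SamlKeyConfig {

    // Assumed values: adjust to your own keystore location and key alias.
    private static final String KEYSTORE_PATH = "saml/samlKeystore.jks";
    private static final String DEFAULT_KEY_ALIAS = "sp-signing";

    @Bean
    public KeyManager keyManager() {
        Resource store = new ClassPathResource(KEYSTORE_PATH);

        // Read secrets from the environment instead of hard-coding them.
        String storePass = System.getenv("SAML_KEYSTORE_PASSWORD");
        String keyPass = System.getenv("SAML_KEY_PASSWORD");
        if (storePass == null || keyPass == null) {
            throw new IllegalStateException("SAML keystore passwords are not set");
        }

        // Map of key alias -> password for each private key in the store.
        Map<String, String> keyPasswords =
                Collections.singletonMap(DEFAULT_KEY_ALIAS, keyPass);

        // The last argument names the default key, used for signing and
        // decryption unless another key is configured explicitly.
        return new JKSKeyManager(store, storePass, keyPasswords, DEFAULT_KEY_ALIAS);
    }
}
```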
Reputation: 2744
If you don't need to sign SAML protocol messages or encrypt SAML assertions, you don't need the keystore. However, some SAML bindings mandate, or at least highly recommend, signing so that the protocol messages are not tampered with at the user agent.
Upvotes: 1