Jim Kennedy

Reputation: 822

WSO2 certificate setup for service provider

We are using the Spring-SAML extension to implement our SSO POC. I've got it working perfectly going against ssocircle.com as our IdP. We now want to bring the IdP internal, so we have chosen WSO2 as our I.S. I'm at the beginning/setup stage, and the main issue I'm having is the "Certificate Alias" selection under "Register New Service Provider" in the web-based management console. The Spring-SAML default config points to a JKS named "samlKeystore.jks". I'm still using this because I'm still in a test/POC mode. In order to register the SP for the WSO2 IS, I believe I need to be able to import the default cert used in samlKeystore.jks. I've exported the Apollo key and have imported it into wso2carbon.jks. The cert does show up in the Certificate Alias selection list, and I can select it. However, after saving, it always resets back to the wso2carbon.cert. I'm thinking something is wrong with my cert or the export/import procedure I'm employing. Does anyone have some insight here?

Upvotes: 1

Views: 364

Answers (1)

pulasthi7

Reputation: 901

You have to check "Enable Signature Validation in Authentication Requests and Logout Requests" in addition to selecting the alias. Otherwise the alias is of no use and won't be saved. (When there is no value saved for the alias, it shows the wso2carbon.cert by default.)

Upvotes: 1
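
One way to repeat the export/import described in the question and confirm that the alias resolves to the same certificate in both keystores, as an added example that is not part of the original question or answer. The alias `apollo` is assumed from the question's "Apollo key", and the keystore passwords are passed as arguments rather than taken from the page.

```shell
#!/bin/sh
# Added example: copy an SP signing certificate between JKS keystores and
# confirm both keystores hold the same certificate. Paths, alias and
# passwords are supplied by the caller (assumed values, not from the post).

# Print the certificate fingerprint keytool reports for one alias.
cert_fingerprint() {  # keystore storepass alias
    keytool -list -keystore "$1" -storepass "$2" -alias "$3" 2>/dev/null |
        sed -n 's/^Certificate fingerprint ([^)]*): //p'
}

# Export only the public certificate (never the private key) from the SP
# keystore and import it as a trusted certificate into the IdP keystore.
copy_cert() {  # src_ks src_pass alias dst_ks dst_pass
    tmp=$(mktemp) || return 1
    keytool -exportcert -rfc -keystore "$1" -storepass "$2" \
            -alias "$3" -file "$tmp" >/dev/null 2>&1 &&
    keytool -importcert -noprompt -keystore "$4" -storepass "$5" \
            -alias "$3" -file "$tmp" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Succeeds only when the alias resolves to the same certificate in both stores.
same_cert() {  # src_ks src_pass alias dst_ks dst_pass
    a=$(cert_fingerprint "$1" "$2" "$3")
    b=$(cert_fingerprint "$4" "$5" "$3")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Usage: sh copy_sp_cert.sh samlKeystore.jks SRC_PASS apollo wso2carbon.jks DST_PASS
if [ "$#" -eq 5 ]; then
    copy_cert "$@" && same_cert "$@" &&
        echo "certificate matches in both keystores"
fi
```

A matching fingerprint rules out the export/import step, which leaves the signature validation checkbox from the answer as the setting to check.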
