Uploaded image for project: 'CXF'
  1. CXF
  2. CXF-3924

Support to configure keystore per SAML realm

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5
    • Fix Version/s: 2.5.1
    • Component/s: Services
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      You can configure the keystore in the properties file you configure using the attribute signaturePropertiesFile of the StaticSTSProperties class which is shared by all SAMLRealms. If you store several keys in one keystore, you can configure the signatureAlias in each SAMLRealm.

      It's best practise to not share several private keys in a single java keystore. If you configure several realms in your STS deployment and each realm uses a different key to sign the saml assertion you must store all private keys in one java keystore.

      Enhancement description:
      Add the signaturePropertiesFile to the SAMLRealm too which is optional but if configured has higher priority than signaturePropertiesFile in StaticSTSProperties.

        Attachments

        1. git.diff.patch
          21 kB
          Oliver Wulff

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              owulff Oliver Wulff
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: