Details
- Type: New Feature
- Status: Closed
- Priority: Minor
- Resolution: Fixed
- 3.0.0-milestone1
- None
- Unknown
Description
Currently, when SAML SymmetricKey HolderOfKey is used, the STS has to know the certificates of all services for which it issues tokens.
If I deploy a new service, it is necessary to:
a) add the service certificate to the STS keystore as a trusted entry;
b) configure the alias (encryptionUserName) in the appropriate STS Service/ServiceMBean.
I think XKMS can be useful even for the SAML SymmetricKey HolderOfKey scenario, to resolve the certificate lookup.
We can extend XKMS with a new ApplicationId so that service certificates can be searched based on the service endpoint.
The STS will recognize this case by a special constant for encryptionName and will replace it with the AppliesTo attribute.
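The lookup proposed in this issue, as an added example and not code from Apache CXF: a small Python model in which the STS resolves the recipient certificate for the HolderOfKey proof key either by keystore alias (the current behaviour) or, when encryptionName carries a marker constant, by asking an XKMS Locate service for the certificate registered under the request's AppliesTo endpoint. The constant name useEndpointAsCertAlias, the application identifier urn:apache:cxf:service:endpoint, the endpoint normalization rule, the class names and all certificates are assumptions or constructed data; only urn:ietf:rfc:2459 is the XKMS 2.0 PKIX application identifier.

```python
"""Model of the STS-side certificate lookup described in this issue.

Constructed example, not Apache CXF code: the marker constant, the
service-endpoint ApplicationId, the normalization rule and the class
names are assumptions made for illustration.
"""
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit

# Assumed marker value for encryptionName: "use the AppliesTo endpoint
# as the lookup key instead of a keystore alias".
USE_ENDPOINT_AS_CERT_ALIAS = "useEndpointAsCertAlias"

# XKMS UseKeyWith application identifiers. PKIX is from the XKMS 2.0 spec;
# the service-endpoint one is the hypothetical new ApplicationId.
APP_PKIX = "urn:ietf:rfc:2459"
APP_SERVICE_ENDPOINT = "urn:apache:cxf:service:endpoint"


@dataclass(frozen=True)
class Certificate:
    """Stand-in for an X.509 certificate: only what the lookup needs."""
    subject: str
    fingerprint: str


class CertificateNotFound(Exception):
    pass


def normalize_endpoint(endpoint: str) -> str:
    """Canonical lookup key (assumed rule): lower-case scheme and host,
    no query/fragment, no trailing slash, absolute URL required."""
    parts = urlsplit(endpoint.strip())
    if not parts.scheme or not parts.netloc:
        raise ValueError(f"AppliesTo is not an absolute URL: {endpoint!r}")
    return f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path.rstrip('/')}"


class XkmsLocateService:
    """Minimal in-memory XKMS Locate: (application id, identifier) -> cert."""

    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, str], Certificate] = {}

    @staticmethod
    def _key(app_id: str, identifier: str) -> Tuple[str, str]:
        if app_id == APP_SERVICE_ENDPOINT:
            identifier = normalize_endpoint(identifier)
        return (app_id, identifier)

    def register(self, app_id: str, identifier: str, cert: Certificate) -> None:
        self._entries[self._key(app_id, identifier)] = cert

    def locate(self, app_id: str, identifier: str) -> Optional[Certificate]:
        return self._entries.get(self._key(app_id, identifier))


class Sts:
    def __init__(self, keystore: Dict[str, Certificate], xkms: XkmsLocateService) -> None:
        self.keystore = keystore  # alias -> trusted service certificate
        self.xkms = xkms

    def resolve_encryption_cert(self, encryption_name: str,
                                applies_to: Optional[str]) -> Certificate:
        """Certificate the symmetric proof key will be encrypted for."""
        if encryption_name == USE_ENDPOINT_AS_CERT_ALIAS:
            # Proposed behaviour: the AppliesTo endpoint replaces the alias.
            if not applies_to:
                raise ValueError("encryptionName asks for AppliesTo, but the "
                                 "request carries no AppliesTo")
            cert = self.xkms.locate(APP_SERVICE_ENDPOINT, applies_to)
            if cert is None:
                raise CertificateNotFound(f"no XKMS entry for endpoint {applies_to!r}")
            return cert
        # Current behaviour: alias must already be a trusted keystore entry.
        try:
            return self.keystore[encryption_name]
        except KeyError:
            raise CertificateNotFound(f"alias {encryption_name!r} not in keystore") from None

    def issue_holder_of_key(self, encryption_name: str, applies_to: Optional[str]) -> dict:
        cert = self.resolve_encryption_cert(encryption_name, applies_to)
        proof_key = secrets.token_bytes(32)  # SymmetricKey proof-of-possession key
        return {"applies_to": applies_to, "encrypted_for": cert.subject,
                "proof_key_bits": len(proof_key) * 8}


def try_resolve(sts: Sts, encryption_name: str, applies_to: Optional[str]) -> str:
    """Outcome of a lookup as a string, for callers that only want a verdict."""
    try:
        return "ok:" + sts.resolve_encryption_cert(encryption_name, applies_to).subject
    except (CertificateNotFound, ValueError) as exc:
        return "error:" + type(exc).__name__


def build_demo() -> Sts:
    """Constructed deployment: one service known to the keystore, one new
    service registered only in XKMS under its endpoint."""
    keystore = {"svc-a": Certificate("CN=svc-a.example.org", "aa:11")}
    xkms = XkmsLocateService()
    xkms.register(APP_SERVICE_ENDPOINT, "https://example.org/services/new",
                  Certificate("CN=new.example.org", "bb:22"))
    return Sts(keystore, xkms)


if __name__ == "__main__":
    sts = build_demo()
    print(sts.issue_holder_of_key("svc-a", None))
    print(sts.issue_holder_of_key(USE_ENDPOINT_AS_CERT_ALIAS,
                                  "HTTPS://Example.org/services/new/"))
```

With the marker constant, deploying a new service means registering its certificate in XKMS under its endpoint; the STS configuration itself is unchanged. The normalization step matters because the AppliesTo a client sends rarely matches the registered endpoint byte for byte, and a lookup miss here means the token cannot be issued at all.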