When WA is configured to hand off authentication to an external SAML2 identity provider via pac4j, pac4j expects a Java keystore to be created or already present on disk; WA, acting as the SAML SP, uses it to interact with the IdP, generate metadata, sign responses, etc. This keystore is expected to be found on disk, and pac4j does not allow any other option for producing or fetching the keystore via REST.
Also, a number of other artifacts, such as the generated SP metadata, should be configurable over REST.
- Allow pac4j to open up its API/configuration to allow for keystore fetching over REST.
- Modify WA to use this configuration and produce keystore data over REST.
Note that a similar, separate task may be created to handle the same matter for delegated authentication to OIDC OPs.