[ https://issues.apache.org/jira/browse/CXF-3924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Oliver Wulff updated CXF-3924:
------------------------------

    Attachment: git.diff.patch

If you configure a signature properties file in the SAMLRealm bean then you must also configure the callback handler. The signature alias is optional if it can be resolved using getDefaultX509Identifier.

> Support to configure keystore per SAML realm
> --------------------------------------------
>
>                 Key: CXF-3924
>                 URL: https://issues.apache.org/jira/browse/CXF-3924
>             Project: CXF
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 2.5
>            Reporter: Oliver Wulff
>         Attachments: git.diff.patch
>
>
> You can configure the keystore in the properties file you configure using the
> attribute signaturePropertiesFile of the StaticSTSProperties class which is
> shared by all SAMLRealms. If you store several keys in one keystore, you can
> configure the signatureAlias in each SAMLRealm.
> It's best practice to not share several private keys in a single Java
> keystore. If you configure several realms in your STS deployment and each
> realm uses a different key to sign the SAML assertion you must store all
> private keys in one Java keystore.
> Enhancement description:
> Add the signaturePropertiesFile to the SAMLRealm too which is optional but if
> configured has higher priority than signaturePropertiesFile in
> StaticSTSProperties.
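
The per-realm keystore layout described in this issue, as an added Spring configuration example that is not taken from the attached patch or from the CXF project. The properties signaturePropertiesFile and signatureAlias come from the issue text; the other property names (issuer, callbackHandlerClass, realmMap), the bean class packages, the file names and the com.example classes are assumptions.

```xml
<!-- Added example, not project code. File names and com.example classes are
     constructed; issuer, callbackHandlerClass and realmMap are assumed names. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Global default keystore: used only by realms that configure none -->
  <bean id="stsProperties" class="org.apache.cxf.sts.StaticSTSProperties">
    <property name="signaturePropertiesFile" value="sts-default-keystore.properties"/>
    <property name="callbackHandlerClass" value="com.example.sts.DefaultKeyPasswordCallback"/>
  </bean>

  <!-- Realm A: own keystore holding a single private key -->
  <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
    <property name="issuer" value="STS-Realm-A"/>
    <property name="signaturePropertiesFile" value="realmA-keystore.properties"/>
    <!-- Must be set whenever the realm has its own signature properties file -->
    <property name="callbackHandlerClass" value="com.example.sts.RealmAKeyPasswordCallback"/>
    <!-- signatureAlias omitted: resolved through getDefaultX509Identifier -->
  </bean>

  <!-- Realm B: own keystore, alias named explicitly -->
  <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
    <property name="issuer" value="STS-Realm-B"/>
    <property name="signaturePropertiesFile" value="realmB-keystore.properties"/>
    <property name="callbackHandlerClass" value="com.example.sts.RealmBKeyPasswordCallback"/>
    <property name="signatureAlias" value="realmb-signing"/>
  </bean>

  <!-- Realm C: no realm-level file, so the StaticSTSProperties keystore applies
       and signatureAlias selects the key inside that shared keystore -->
  <bean id="realmC" class="org.apache.cxf.sts.token.realm.SAMLRealm">
    <property name="issuer" value="STS-Realm-C"/>
    <property name="signatureAlias" value="realmc-signing"/>
  </bean>

  <bean id="samlTokenProvider" class="org.apache.cxf.sts.token.provider.SAMLTokenProvider">
    <property name="realmMap">
      <map>
        <entry key="A" value-ref="realmA"/>
        <entry key="B" value-ref="realmB"/>
        <entry key="C" value-ref="realmC"/>
      </map>
    </property>
  </bean>
</beans>
```

With this layout each realm's keystore file can carry its own file permissions and password, so compromise of one realm's signing key does not expose the others.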