Thanks for the information Ivan. That year timeline is something we didn't know about. Could you expand on the keystore information? It was really sparce in the documentation. The main part I want to know about is the private key alias but expanding on all the fields would be helpful.
-----Original Message----- From: Ivan Fernandez Calvo <kuisathave...@gmail.com> Reply-To: jenkinsci-users@googlegroups.com To: Jenkins Users <jenkinsci-users@googlegroups.com> Subject: SAML X509 and KeyDescriptor tags missing Date: Wed, 30 Oct 2019 12:30:17 -0700 (PDT) You have to enable Auth Request Signature setting into encryption settings. Also, keep in mind that if you do not configure a keystore with a certificate you are using an auto generated certificate that it is valid for a year Auth Request Signature - Enable signature of the Redirect Binding Auth Request, If you enable it the encryption and signing key would available in the SP metadata file and URL (JENKINS_URL/securityRealm/metadata). Encryption - If your provider requires encryption or signing, you can specify the keystore details here that should be used. If you do not specify a keystore, the plugin would create one with a key that is valid for a year, this key would be recreate when it expires, by default the key is not exposed in the SP metadata if you do not enable signing. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/1ea1fb1c0e2ca6031be3282e286476f5997cdcce.camel%40linux.intel.com.
