I am trying to use Spring Security SAML as an SP for one of my projects. The SAML 2.0 assertion is coming from a 3rd-party system, has a digital signature, and the assertion is encrypted.
I tried to create a Java keystore with two certificates/keys (one for signature and one for encryption), but it doesn't work. If I have just one JKS entry for either signature or decryption, one of them works. I can't find any examples anywhere where signature and decryption are used with two certificates/keys. Below is the JKSKeyManager configuration. Any help would be highly appreciated.
What doesn't work:
<beans:bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <beans:constructor-arg value="file:${config.location}/defaultSAMLKeyStore.jks"/>
    <beans:constructor-arg type="java.lang.String" value="Welcome1"/>
    <beans:constructor-arg>
        <beans:map>
            <beans:entry key="samlAssertionEncryption" value="Welcome1"/>
            <beans:entry key="samlSignature" value="Welcome1"/>
        </beans:map>
    </beans:constructor-arg>
    <beans:constructor-arg type="java.lang.String" value="samlSignature"/>
</beans:bean>
Where signature (or) decryption works when we interchange the keys:
<beans:bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <beans:constructor-arg value="file:${config.location}/defaultSAMLKeyStore.jks"/>
    <beans:constructor-arg type="java.lang.String" value="Welcome1"/>
    <beans:constructor-arg>
        <beans:map>
            <beans:entry key="samlSignature" value="Welcome1"/>
        </beans:map>
    </beans:constructor-arg>
    <beans:constructor-arg type="java.lang.String" value="samlSignature"/>
</beans:bean>
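The following is an added example, not the asker's configuration, showing how a single JKS with two private-key entries is normally wired in Spring Security SAML: the JKSKeyManager only loads the keys, while the SP's local ExtendedMetadata (`signingKey` / `encryptionKey` properties of `org.springframework.security.saml.metadata.ExtendedMetadata`) decides which alias signs and which alias decrypts. The aliases are taken from the post; the `${keystore.password}` and `${sp.entity.id}` placeholders are assumed property names.

```xml
<!-- Added example (not the original post's code). Assumes a JKS with two
     PrivateKeyEntry aliases, samlSignature and samlAssertionEncryption,
     and externalised passwords in ${keystore.password}. -->
<beans:bean id="keyManager" class="org.springframework.security.saml.key.JKSKeyManager">
    <beans:constructor-arg value="file:${config.location}/defaultSAMLKeyStore.jks"/>
    <beans:constructor-arg type="java.lang.String" value="${keystore.password}"/>
    <beans:constructor-arg>
        <beans:map>
            <!-- every alias whose private key the SP must use needs its key password here -->
            <beans:entry key="samlSignature" value="${keystore.password}"/>
            <beans:entry key="samlAssertionEncryption" value="${keystore.password}"/>
        </beans:map>
    </beans:constructor-arg>
    <!-- default alias: used for both roles unless ExtendedMetadata overrides it -->
    <beans:constructor-arg type="java.lang.String" value="samlSignature"/>
</beans:bean>

<!-- Local SP ExtendedMetadata: maps each role to a keystore alias. Without
     encryptionKey the generated SP metadata advertises the default alias for
     both signing and encryption, so the IdP encrypts to the signing certificate
     and the assertion cannot be decrypted with the second key. -->
<beans:bean id="extendedMetadata" class="org.springframework.security.saml.metadata.ExtendedMetadata">
    <beans:property name="signingKey" value="samlSignature"/>
    <beans:property name="encryptionKey" value="samlAssertionEncryption"/>
</beans:bean>

<!-- Metadata generator that publishes the two KeyDescriptors (use="signing",
     use="encryption") from the ExtendedMetadata above. -->
<beans:bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <beans:property name="entityId" value="${sp.entity.id}"/>
            <beans:property name="extendedMetadata" ref="extendedMetadata"/>
        </beans:bean>
    </beans:constructor-arg>
</beans:bean>
```

Two checks go with this: `keytool -list -v -keystore defaultSAMLKeyStore.jks` must show both aliases as `PrivateKeyEntry` (a `trustedCertEntry` is only enough for the IdP's signing certificate, never for the SP's decryption key), and after changing the alias mapping the SP metadata has to be re-exported and re-registered with the IdP, because the IdP encrypts to whatever certificate the previously published `use="encryption"` KeyDescriptor contained.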