In the real world we deploy IS behind an LB, and we use SSL termination
at the LB level. So most of the time, no one wants to install actual certs
on WSO2 servers. But since users see the application with a proper cert, to
have the SAML response signed with that cert we currently have to install it
as the primary KeyStore in Carbon. IMHO we need to give the option of
changing it by letting users use a different KeyStore for response signing.

WDYT?

Thanks & Regards
Danushka Fernando
Associate Tech Lead
WSO2 inc. http://wso2.com/
Mobile : +94716332729

On Wed, Nov 8, 2017 at 2:10 PM, Godwin Shrimal <[email protected]> wrote:

> Hi Danushka,
>
> AFAIK it's not possible to use a different keystore for token signing. The
> same topic was discussed some time back in [1]; it's not only for SAML, but
> for other tokens as well.
> @IAM Team: Have we considered that feature in our roadmaps?
>
> [1] [Architecture] Having separate keystore (private key) for each token
> signing in WSO2IS
>
> Thanks
> Godwin
>
>
> On Wed, Nov 8, 2017 at 8:52 AM, Danushka Fernando <[email protected]>
> wrote:
>
>> Hi All
>>
>> Currently in Identity Server we use the server's primary keystore's primary
>> cert for response signing. Is it possible to use a different cert for this
>> somehow?
>>
>> Thanks & Regards
>> Danushka Fernando
>> Associate Tech Lead
>> WSO2 inc. http://wso2.com/
>> Mobile : +94716332729
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
>
> --
> *Godwin Amila Shrimal*
> Associate Technical Lead
> WSO2 Inc.; http://wso2.com
> lean.enterprise.middleware
>
> mobile: *+94772264165*
> linkedin: https://www.linkedin.com/in/godwin-amila-2ba26844/
> twitter: https://twitter.com/godwinamila
>