Hi again,

Unfortunately I get an error while trying to use SAML signature:

Caused by: org.wso2.carbon.identity.application.authenticator.samlsso.exception.SAMLSSOException: Error while signing the SAML Request ….
Caused by: org.apache.xml.security.signature.XMLSignatureException: can't identify EC private key.

What is that "EC" private key? Is there something special to do in wso2carbon.jks to allow SAML signature/encryption?

Thanks,
Bernard

On 15 Jan 2020, at 19:09, Sathya Bandara <sat...@wso2.com> wrote:

Hi Bernard,

Shibboleth server public certificate configured in IDP config is used to verify the signature of SAML responses coming from Shibboleth. When configuring WSO2 as an SP in Shibboleth, you need to give WSO2 server's public certificate (in wso2carbon.jks). If you have enabled assertion encryption, then Shibboleth server will encrypt the SAML assertions using this WSO2 public key. WSO2 server will decrypt assertions using its private key in wso2carbon.jks.

Hope this clarifies your query.

On Wed, Jan 15, 2020 at 22:24, Bernard Paris <bernard.pa...@uclouvain.be> wrote:

Hello,

I understood that the certificate defined in the 'Identity Provider Public Certificate' is the public Shibboleth certificate needed to decrypt the incoming SAML responses. It was automatically set when I loaded the Shibboleth metadata.xml file under "SAML2 Web SSO Configuration" > Metadata File Configuration.

On the opposite, what I need is to give (where?) my certificate with public AND private keys in order to sign/encrypt the SAML requests. Am I wrong?

Bernard

On 15 Jan 2020, at 17:23, Sathya Bandara <sat...@wso2.com> wrote:

Hi Bernard,

You can upload the certificate into the 'Identity Provider Public Certificate' which is available under the 'Basic Information' section of Identity Provider configuration.

Thanks,

On Wed, Jan 15, 2020 at 8:19 PM Bernard Paris <bernard.pa...@uclouvain.be> wrote:

Hi devs,

We want to use Shibboleth as an identity provider for API Manager V.3.

In the carbon console, via the IdP list, we have added an IdP entry, then under "Federated Authenticators section and the SAML2 Web SSO Configuration section" we have configured our Shibboleth as identity provider. This IdP entry will behave as an SP for Shibboleth. Since we want Assertion Encryption and signing, I understand this "SP like" needs a private/public key in a certificate to do so. I've made a self-signed certificate for this, and its public key has been given to Shibboleth in the metadata file (xml path: /EntityDescriptor/SPSSODescriptor/KeyDescriptor/KeyInfo/X509Data/X509Certificate).

Now my question is "where am I to specify this certificate in my "Federated Authenticators section and the SAML2 Web SSO Configuration section"?" I didn't find any field for that in the "SAML2 Web SSO Configuration section". Unless this encryption use must only use the APIM server certificate in wso2carbon.jks?

Hope my understanding is correct.

Thanks for any help.

Regards,
Bernard

_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Sathya Bandara
Senior Software Engineer
Blog: https://medium.com/@technospace
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421