Hi , When setting up the Jenkins SAML plugin, is it possible to configure two different certificates (generated from the same private key) for signing and encryption? The plugin seems to allow to configure just one key alias from one keystore. ( https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md) I'ml looking to configure alias 1 = private key A + signing certificate chain C1 alias 2 = private key A+ encryption certificate chain C2
When enabling option 'Auth Request Signature' to enable the signature of the Redirect Binding Auth Request, I can see two key descriptors being written to the saml-sp-metadata.xml file: <md:KeyDescriptor use="encryption"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>... and <md:KeyDescriptor use="signing"> <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:X509Data> <ds:X509Certificate>... This leads me to believe that a setup with different sign and encryption certs is a possibility. I've tried to configure the correct values for my setup directly in the saml-sp-metadata.xml file, but the file gets overwritten on each login attempt. Does the current implementation of the saml plugin dictate the encryption and signing cert to be the same and if not, how do I configure these? Kind regards, Chris -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/3568ffcd-e1d7-43d8-9a42-69d4d4359a5co%40googlegroups.com.