Hi,

When setting up the Jenkins SAML plugin, is it possible to configure two 
different certificates (generated from the same private key) for signing 
and encryption? 
The plugin seems to allow configuring just one key alias from one 
keystore (https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md).
I'm looking to configure 
alias 1 = private key A + signing certificate chain C1
alias 2 = private key A + encryption certificate chain C2

When enabling option 'Auth Request Signature' to enable the signature of 
the Redirect Binding Auth Request, I can see two key descriptors being 
written to the saml-sp-metadata.xml file: 

<md:KeyDescriptor use="encryption">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
            <ds:X509Certificate>...

and 

<md:KeyDescriptor use="signing">
    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data>
            <ds:X509Certificate>...

This leads me to believe that a setup with different signing and encryption 
certs is a possibility.
I've tried to configure the correct values for my setup directly in the 
saml-sp-metadata.xml file, but the file gets overwritten on each login 
attempt. 

Does the current implementation of the saml plugin dictate the encryption 
and signing cert to be the same and if not, how do I configure these? 

Kind regards, 
Chris
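As an added example (not code from this post or from the Jenkins SAML plugin), a small Python check that reads a generated saml-sp-metadata.xml and reports whether the "signing" and "encryption" KeyDescriptors carry the same X.509 certificate; the metadata string below is constructed for the example, with dummy base64 bodies in place of real certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample SP metadata; the certificate bodies are dummy base64, not real certs.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://jenkins.example/securityRealm/finishLogin">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol" AuthnRequestsSigned="true">
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>
          QUJD REVG
        </ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:X509Data><ds:X509Certificate>QUJDREVG</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def key_descriptor_fingerprints(metadata_xml: str) -> dict:
    """Map each KeyDescriptor 'use' to the SHA-256 fingerprint of its DER certificate.
    Whitespace inside the base64 body is ignored, as XML-DSig allows."""
    root = ET.fromstring(metadata_xml)
    result = {}
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use", "both")  # no 'use' attribute means the key serves both roles
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is None or not cert.text:
            continue
        der = base64.b64decode("".join(cert.text.split()))
        result[use] = hashlib.sha256(der).hexdigest()
    return result

def same_cert_for_signing_and_encryption(metadata_xml: str) -> bool:
    """True when signing and encryption resolve to one certificate (or one untyped descriptor)."""
    fps = key_descriptor_fingerprints(metadata_xml)
    if "both" in fps:
        return True
    return fps.get("signing") == fps.get("encryption")
```

Run it against the real saml-sp-metadata.xml Jenkins writes to confirm whether the two descriptors actually differ before handing the metadata to the IdP.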

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/3568ffcd-e1d7-43d8-9a42-69d4d4359a5co%40googlegroups.com.