Great overview. Would be great to have something like this on the wiki. I spotted one thing. The public key in the RP is the "STS App Public Key" instead of "STS Container SSL Public Key".
The keystore to validate the SAML token signature is configured here: http://cxf.apache.org/fediz-configuration.html --> certificateStores

Do you plan a SignedSupportingTokens policy between the IDP and STS or use a mutual SSL handshake?

Thanks
Oli

________________________________________
From: chris snow [chsnow...@gmail.com]
Sent: 03 May 2013 14:49
To: users@cxf.apache.org
Subject: Re: Fediz: key and keystore requirements

I'm trying to understand the key and keystore requirements for Fediz using IDP, STS and RP all deployed in separate web containers and using native Spring Security in the RP.

I have uploaded my current understanding here: http://picpaste.com/Fediz_Keystores-INNrABZM.png

Questions:

Is this diagram correct?

The diagram has some questions: "Configured in ?" - where are these keys configured in the code?
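For readers following the certificateStores pointer above, here is an added illustration of the RP-side fediz_config.xml fragment that Oli's reply refers to. It is not taken from the thread or from the Fediz sample projects; the keystore file name, password, context name and the STS subject pattern are assumptions chosen for the example. The important point is that the trust store referenced under certificateStores holds the certificate of the key the STS uses to sign SAML tokens (the "STS App" certificate from the diagram discussion), and that trustedIssuers restricts which signer subjects the RP will accept, so an arbitrary certificate that merely chains to the same CA is not enough on its own.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example, not the thread's or the project's own configuration.
     Assumptions: the RP web application is deployed under /fedizhelloworld,
     the STS signing certificate (or its issuing CA) has been imported into
     ststrust.jks with keytool, and the STS signing certificate's subject
     contains CN=www.sts.com. -->
<FedizConfig>
    <contextConfig name="/fedizhelloworld">
        <audienceUris>
            <!-- Must match the audience restriction the STS puts into the token -->
            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
        </audienceUris>

        <!-- Trust store used to verify the SAML token signature.
             This is the STS signing (application) certificate, NOT the
             STS container's TLS/SSL certificate. -->
        <certificateStores>
            <trustManager>
                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
            </trustManager>
        </certificateStores>

        <!-- Pin the accepted signer: ChainTrust means the signing cert must
             chain to something in ststrust.jks AND its subject must match
             the pattern. Without the subject pattern any cert under the same
             CA would be accepted as a token issuer. -->
        <trustedIssuers>
            <issuer certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
        </trustedIssuers>

        <!-- Tolerated clock difference (seconds) between STS and RP when
             checking NotBefore/NotOnOrAfter on the token. -->
        <maximumClockSkew>1000</maximumClockSkew>

        <protocol xsi:type="federationProtocolType" version="1.0.0"
                  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
            <!-- IDP the unauthenticated browser is redirected to (assumed URL) -->
            <issuer>https://localhost:9443/fediz-idp/</issuer>
            <roleDelimiter>,</roleDelimiter>
            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
        </protocol>
    </contextConfig>
</FedizConfig>
```

Note that this fragment only covers token validation at the RP. The TLS trust between the RP container and the IDP, and between the IDP and the STS, is configured in the respective containers' SSL settings and is separate from certificateStores, which is the distinction the correction at the top of the reply is making.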