Date: Thu, 24 Nov 2011 15:44:42 +0000 (UTC)
From: "Colm O hEigeartaigh (Updated) (JIRA)"
To: issues@cxf.apache.org
Subject: [jira] [Updated] (CXF-3924) Support to configure keystore per SAML realm

     [ https://issues.apache.org/jira/browse/CXF-3924?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh updated CXF-3924:
-------------------------------------

    Fix Version/s: 2.5.1

> Support to configure keystore per SAML realm
> --------------------------------------------
>
>                 Key: CXF-3924
>                 URL: https://issues.apache.org/jira/browse/CXF-3924
>             Project: CXF
>          Issue Type: Improvement
>          Components: Services
>    Affects Versions: 2.5
>            Reporter: Oliver Wulff
>            Assignee: Colm O hEigeartaigh
>             Fix For: 2.5.1
>
>         Attachments: git.diff.patch
>
>
> You can configure the keystore in the properties file you configure using the attribute signaturePropertiesFile of the StaticSTSProperties class which is shared by all SAMLRealms. If you store several keys in one keystore, you can configure the signatureAlias in each SAMLRealm.
> It's best practice to not share several private keys in a single Java keystore. If you configure several realms in your STS deployment and each realm uses a different key to sign the SAML assertion you must store all private keys in one Java keystore.
> Enhancement description:
> Add the signaturePropertiesFile to the SAMLRealm too which is optional but if configured has higher priority than signaturePropertiesFile in StaticSTSProperties.
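
The arrangement requested in this issue, sketched as a Spring configuration fragment. This is an added example, not taken from the attached patch or from the CXF project: realmA keeps the shared keystore and selects its key by alias, while realmB points at its own keystore. Bean ids, issuers, aliases and file names are constructed, and the per-realm property name is assumed to match the attribute named in the issue.

```xml
<!-- Added example. Ids, issuers, aliases and file names are constructed. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- STS-wide default: one Crypto properties file, so one keystore,
       used by every realm that does not configure its own. -->
  <bean id="stsProperties" class="org.apache.cxf.sts.StaticSTSProperties">
    <property name="signaturePropertiesFile" value="sts-shared.properties"/>
  </bean>

  <!-- Shared-keystore arrangement described in the issue: the realm only
       picks an alias, so its private key sits in the same keystore as
       the keys of every other realm. -->
  <bean id="realmA" class="org.apache.cxf.sts.token.realm.SAMLRealm">
    <property name="issuer" value="STS-RealmA"/>
    <property name="signatureAlias" value="realm-a-signing"/>
  </bean>

  <!-- Per-realm keystore: the realm's own properties file is assumed to
       take priority over the one in StaticSTSProperties, as the issue
       requests. Only realm B's signing key needs to be in this keystore,
       which can then carry its own password and file permissions. -->
  <bean id="realmB" class="org.apache.cxf.sts.token.realm.SAMLRealm">
    <property name="issuer" value="STS-RealmB"/>
    <property name="signaturePropertiesFile" value="sts-realm-b.properties"/>
    <property name="signatureAlias" value="realm-b-signing"/>
  </bean>

  <!--
    sts-realm-b.properties (constructed; WSS4J 1.6 Merlin keys):
      org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
      org.apache.ws.security.crypto.merlin.keystore.type=jks
      org.apache.ws.security.crypto.merlin.keystore.file=keys/realm-b.jks
      org.apache.ws.security.crypto.merlin.keystore.password=CHANGE_ME
  -->
</beans>
```

The fragment covers only the signing-key properties; callback handlers and the wiring of the realms into the token provider are omitted.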