Return-Path: 
 <issues-return-19125-apmail-cxf-issues-archive=cxf.apache.org@cxf.apache.org>
X-Original-To: apmail-cxf-issues-archive@www.apache.org
Delivered-To: apmail-cxf-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id B66429787
	for <apmail-cxf-issues-archive@www.apache.org>;
 Fri, 18 Nov 2011 07:36:20 +0000 (UTC)
Received: (qmail 43290 invoked by uid 500); 18 Nov 2011 07:36:20 -0000
Delivered-To: apmail-cxf-issues-archive@cxf.apache.org
Received: (qmail 43244 invoked by uid 500); 18 Nov 2011 07:36:17 -0000
Mailing-List: contact issues-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@cxf.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@cxf.apache.org>
List-Post: <mailto:issues@cxf.apache.org>
List-Id: <issues.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list issues@cxf.apache.org
Received: (qmail 43233 invoked by uid 99); 18 Nov 2011 07:36:15 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Nov 2011 07:36:15 +0000
X-ASF-Spam-Status: No, hits=-2001.2 required=5.0
	tests=ALL_TRUSTED,RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Nov 2011 07:36:13 +0000
Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116])
	by hel.zones.apache.org (Postfix) with ESMTP id C95488C52D
	for <issues@cxf.apache.org>; Fri, 18 Nov 2011 07:35:51 +0000 (UTC)
Date: Fri, 18 Nov 2011 07:35:51 +0000 (UTC)
From: "Oliver Wulff (Created) (JIRA)" <jira@apache.org>
To: issues@cxf.apache.org
Message-ID: 
 <93675779.42458.1321601751826.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Created] (CXF-3924) Support to configure keystore per SAML
 realm
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394
X-Virus-Checked: Checked by ClamAV on apache.org

Support to configure keystore per SAML realm
--------------------------------------------

                 Key: CXF-3924
                 URL: https://issues.apache.org/jira/browse/CXF-3924
             Project: CXF
          Issue Type: Improvement
          Components: Services
    Affects Versions: 2.5
            Reporter: Oliver Wulff


You can configure the keystore in the properties file you configure using the attribute signaturePropertiesFile of the StaticSTSProperties class which is shared by all SAMLRealms. If you store several keys in one keystore, you can configure the signatureAlias in each SAMLRealm.

It's best practise to not share several private keys in a single java keystore. If you configure several realms in your STS deployment and each realm uses a different key to sign the saml assertion you must store all private keys in one java keystore.

Enhancement description:
Add the signaturePropertiesFile to the SAMLRealm too which is optional but if configured has higher priority than signaturePropertiesFile in StaticSTSProperties.


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira