SX Spring Security Extension
SES-106: HTTPMetadataProvider does not handle tlsKeys correctly

Details

• Type: Bug
• Status: Closed
• Priority: Minor
• Resolution: Complete
• Affects Version/s: None
• Fix Version/s: saml-1.0.0.RC1
• Component/s: saml
• Labels: None
• Environment: tomcat, ADFS2.0

Description

When we use the HTTPMetadataProvider:

On return from the IDP, we get a

java.security.cert.CertificateException: Peer SSL/TLS certificate is not trusted, add the certificate to your trust store and update tlsKey in extended metadata with the certificate alias.

To overcome this we wrap the HTTPMetadataProvider in an ExtendedMetadataDelegate and provide a tlsKey which is the SSL certificate presented by the IDP. This should probably be handled by the HTTPMetadataProvider so the wrapping should be unnecessary. We also tried to give the CA certificate used to sign the SSL certificate, but that did not work either, which will pose a maintenance nightmare.
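The workaround described in the report, written out as an added Spring Security SAML Java configuration example (this is not code from the report or from the project); the metadata URL, the keystore alias, and the backgroundTaskTimer, httpClient and parserPool objects are assumed placeholders supplied elsewhere in the application context:

```java
import java.util.Timer;
import org.apache.commons.httpclient.HttpClient;
import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
import org.opensaml.saml2.metadata.provider.MetadataProviderException;
import org.opensaml.xml.parse.ParserPool;
import org.springframework.security.saml.metadata.ExtendedMetadata;
import org.springframework.security.saml.metadata.ExtendedMetadataDelegate;

public class IdpMetadataConfig {

    // Assumed placeholders: the real IdP metadata URL, and the alias under which the
    // certificate the IdP presents on its HTTPS endpoint (the leaf certificate, not the
    // issuing CA, per the report) was imported into the SP keystore used by the KeyManager.
    private static final String IDP_METADATA_URL =
            "https://adfs.example.invalid/FederationMetadata/2007-06/FederationMetadata.xml";
    private static final String IDP_TLS_CERT_ALIAS = "adfs-tls";

    // Assumed to be created elsewhere in the application context.
    private final Timer backgroundTaskTimer;
    private final HttpClient httpClient;
    private final ParserPool parserPool;

    public IdpMetadataConfig(Timer backgroundTaskTimer, HttpClient httpClient, ParserPool parserPool) {
        this.backgroundTaskTimer = backgroundTaskTimer;
        this.httpClient = httpClient;
        this.parserPool = parserPool;
    }

    // Plain provider as used in the report: the metadata fetch over HTTPS fails with
    // "Peer SSL/TLS certificate is not trusted" when no tlsKey names the IdP certificate.
    public HTTPMetadataProvider plainProvider() throws MetadataProviderException {
        HTTPMetadataProvider provider =
                new HTTPMetadataProvider(backgroundTaskTimer, httpClient, IDP_METADATA_URL);
        provider.setParserPool(parserPool);
        return provider;
    }

    // Workaround: wrap the provider in an ExtendedMetadataDelegate whose ExtendedMetadata
    // points tlsKey at the keystore alias of the IdP's TLS certificate.
    public ExtendedMetadataDelegate wrappedProvider() throws MetadataProviderException {
        ExtendedMetadata idpMetadata = new ExtendedMetadata();
        idpMetadata.setTlsKey(IDP_TLS_CERT_ALIAS);

        ExtendedMetadataDelegate delegate = new ExtendedMetadataDelegate(plainProvider(), idpMetadata);
        delegate.setMetadataTrustCheck(true); // keep trust checking of the fetched metadata enabled
        return delegate;
    }
}
```

Because tlsKey pins one specific certificate alias, the alias must be updated whenever the IdP rotates its TLS certificate, which is the maintenance burden the report points out.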

People

• Assignee: vsch Vladimir Schäfer
• Reporter: henrikab Henrik Abeler
• Votes: 1
• Watchers: 1