  1. SX Spring Security Extension
  2. SES-117

Remove dependency to the root CA SSL/TLS endpoint certificate

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: saml-1.0.0.RC1
    • Fix Version/s: None
    • Component/s: saml
    • Labels:
      None

      Description

      The following error shows up for each authentication if the root CA certificate of the SSL/TLS endpoint is not added to the IdP metadata:

      ERROR 24.01.2013 14:38:10:219 (CertPathPKIXTrustEvaluator.java:validate:81) - PKIX path construction failed for untrusted credential:
      

      Even though it is possible to get rid of this error message by adding the leaf certificate of the SSL/TLS endpoint to the SAML keystore, it is not an ideal solution since the SP then needs to be dependent on and maintain an additional certificate from the IdP.

            People

            • Assignee:
              vsch Vladimir Schäfer
              Reporter:
              erlendfg Erlend Garåsen