SX Spring Security Extension / SES-117

Remove dependency to the root CA SSL/TLS endpoint certificate

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Complete
    • Affects Version/s: saml-1.0.0.RC1
    • Fix Version/s: None
    • Component/s: saml
    • Labels:
      None

      Description

      The following error shows up for each authentication if the root CA certificate of the SSL/TLS endpoint is not added to the IdP metadata:

      ERROR 24.01.2013 14:38:10:219 (CertPathPKIXTrustEvaluator.java:validate:81) - PKIX path construction failed for untrusted credential:
      

      Even though it is possible to get rid of this error message by adding the leaf certificate of the SSL/TLS endpoint to the SAML keystore, it is not an ideal solution since the SP then needs to be dependent on and maintain an additional certificate from the IdP.

        Activity

        Vladimir Schäfer added a comment -

        PKIXInformation is now populated into one object. Previously two objects were used, and PKIX validation reported an error in case the first batch didn't contain a certificate which would match the signature.


          People

          • Assignee:
            Vladimir Schäfer
            Reporter:
            Erlend Garåsen
          • Votes:
            0
            Watchers:
            2
