Hi Rushmin, Please see my answer inline.
On Thu, Aug 18, 2016 at 4:43 PM, Rushmin Fernando <[email protected]> wrote:

> In current App Manager the service providers of tenants are getting
> created in the super tenant space.
>
> We are in the process of creating the service providers in the relevant
> tenants.
>
> In the app manager gateway, we use SAML SSO to authenticate the users, and
> the aforementioned service providers are used.
>
> When it comes to validating the SAML response signature, I can see
> that we can re-use
> *org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil::getX509CredentialImplForTenant()*
>
> As per the code, it uses the tenant key store to get the certificates. And
> we can get the certificate by using the tenant name as the alias
>
> @IS team, do you see any issues with re-using this code in our gateway?
>
> @Amila, in a cloud story do we need to configure the key aliases for each
> tenant or can we live with the default alias (which is the tenant domain
> name)?

Default alias is fine. Since the tenant keystores are only used for internal purposes similar to this one, there won't be scenarios where tenants change this.

> --
> *Best Regards*
>
> *Rushmin Fernando*
> *Technical Lead*
>
> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware
>
> mobile : +94772891266

--
*Amila Maharachchi*
Senior Technical Lead
WSO2, Inc.; http://wso2.com
Blog: http://maharachchi.blogspot.com
Mobile: +94719371446
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
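
The check discussed in the thread, as an added example that is not part of the thread and is not WSO2 code: it uses only JDK APIs rather than `SAMLSSOUtil`, looks up the certificate under the tenant domain alias, and verifies the signature with that pinned key. The class name, the file-based keystore in `main`, and the restriction to a single enveloped signature over an element with an `ID` attribute are assumptions made for the example.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class TenantSamlSignatureCheck {
    /** Returns the element covered by a valid signature; throws otherwise. */
    static Element verify(Document doc, KeyStore tenantKeyStore, String tenantDomain) throws Exception {
        // Default alias from the thread: the tenant domain name.
        Certificate cert = tenantKeyStore.getCertificate(tenantDomain);
        if (!(cert instanceof X509Certificate)) {
            throw new SecurityException("no X.509 certificate under alias " + tenantDomain);
        }
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1 || !(sigs.item(0).getParentNode() instanceof Element)) {
            throw new SecurityException("expected exactly one enveloped Signature element");
        }
        Element signed = (Element) sigs.item(0).getParentNode();
        // The key comes from the tenant keystore only; KeyInfo in the message is ignored.
        DOMValidateContext ctx = new DOMValidateContext(
                KeySelector.singletonKeySelector(cert.getPublicKey()), sigs.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        ctx.setIdAttributeNS(signed, null, "ID"); // lets the "#id" reference resolve
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        List<?> refs = sig.getSignedInfo().getReferences();
        // The single reference must point at the element that carries the signature.
        boolean coversParent = refs.size() == 1
                && ("#" + signed.getAttribute("ID")).equals(((Reference) refs.get(0)).getURI());
        if (!coversParent || !sig.validate(ctx)) {
            throw new SecurityException("signature not valid for tenant " + tenantDomain);
        }
        return signed;
    }

    // Constructed harness: java TenantSamlSignatureCheck <keystore> <password> <tenant-domain> <response.xml>
    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray()); // Java 9+
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(new File(args[3]));
        System.out.println("verified element: " + verify(doc, ks, args[2]).getLocalName());
    }
}
```

Callers should read attributes and assertions only from the element `verify` returns, since that is the only part of the document the signature covers.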
