Hello,

I understood that the certificate defined in the 'Identity Provider Public 
Certificate' is the public Shibboleth certificate needed to decrypt the 
incoming SAML responses.

It was automatically set when I loaded the Shibboleth metadata.xml file under 
"SAML2 Web SSO Configuration" > Metadata File Configuration.

On the other hand, what I need is to give (where?) my certificate with public 
AND private keys in order to sign/encrypt the SAML requests.

Am I wrong?
Bernard


On 15 Jan 2020, at 17:23, Sathya Bandara <[email protected]> wrote:

Hi Bernard,

You can upload the certificate into the 'Identity Provider Public Certificate' 
which is available under the 'Basic Information' section of Identity Provider 
configuration.

Thanks,

On Wed, Jan 15, 2020 at 8:19 PM Bernard Paris <[email protected]> wrote:
Hi devs,

We want to use Shibboleth as an identity provider for API manager V.3.
In the carbon console, via the IdP list, we have added an IdP entry, then under 
the "Federated Authenticators" section and the "SAML2 Web SSO Configuration" 
section we have configured our Shibboleth as identity provider.

This IdP entry will behave as an SP for Shibboleth. Since we want Assertion 
Encryption and signing, I understand this "SP like" needs a private/public key 
in a certificate to do so. I've made a self-signed certificate for this, and 
its public key has been given to Shibboleth in the metadata file (xml path: 
/EntityDescriptor/SPSSODescriptor/KeyDescriptor/KeyInfo/X509Data/X509Certificate).

Now my question is: where am I to specify this certificate in my "Federated 
Authenticators" section and the "SAML2 Web SSO Configuration" section?

I didn't find any field for that in the "SAML2 Web SSO Configuration" section.
Unless this encryption must only use the APIM server certificate in 
wso2carbon.jks?

Hope my understanding is correct.
Thanks for any help.

Regards,
Bernard



_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev


--
Sathya Bandara
Senior Software Engineer
Blog: https://medium.com/@technospace
WSO2 Inc. http://wso2.com
Mobile: (+94) 715 360 421