Spring Security SAML IdP Metadata Certificate and Signature

Question

I have looked at many questions including https://stackoverflow.com/a/25384924/1317559. I have the IdP metadata and certificate, but can\'t seem to get Spring so see it.

<

Answer 1

The Spring SAML manual describes metadata trust verification in chapter 7.2.4. One option is to disable the trust check, or manually remove the signature XML from metadata. Just like you found out, the certificate to import to samlKeystore.jks is the one used to produce the metadata signature, not the signing/encryption certificates for specific SP or IDP entities.

Answer 2

This problem was fixed. There were many problems in fact. I am using the Spring SAML sample application:

• Need to add the public certificate (the first one after the signature, in the idp metadata) to the samlKeystore.jks under Other sources, security.
• The password is nalle123 .
• Don't put anything in the securityContext.xml file.

Answer 3

Also worth noting: Don't change the signed file - happened to me when I reformatted the ADFS generated one-liner. Obviously changes the file's signature.