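/**
 * Builds the IdP SSO descriptor and appends every SAML SP key that is not the
 * active (default) credential as an extra {@link UsageType#SIGNING} key descriptor.
 *
 * <p>Publishing the non-active keys with signing use only lets relying parties keep
 * verifying assertions signed by a key that is being rotated out; those keys are never
 * offered for encryption. The key set is rebuilt from the identity zone's key manager on
 * every call, so aliases that have been removed from the key manager drop out of the
 * metadata automatically.
 *
 * @param entityBaseURL base URL of the entity, passed through to the superclass
 * @param entityAlias alias of the entity, passed through to the superclass
 * @param wantAuthnRequestSigned whether authentication requests must be signed
 * @param includedNameID name-ID formats to advertise
 * @return the descriptor produced by the superclass, with inactive keys appended
 */
@Override
protected IDPSSODescriptor buildIDPSSODescriptor(String entityBaseURL, String entityAlias,
        boolean wantAuthnRequestSigned, Collection<String> includedNameID) {
    IDPSSODescriptor result = super.buildIDPSSODescriptor(entityBaseURL, entityAlias,
            wantAuthnRequestSigned, includedNameID);
    KeyManager samlSPKeyManager = IdentityZoneHolder.getSamlSPKeyManager();
    if (samlSPKeyManager != null && samlSPKeyManager.getAvailableCredentials() != null) {
        // Typed, mutable copy (the original used a raw HashSet) so the active alias can be dropped.
        Set<String> inactiveKeyAliases = new HashSet<>(samlSPKeyManager.getAvailableCredentials());
        // NOTE(review): presumably the superclass already emits the active key - confirm.
        // HashSet.remove(null) is a no-op, so a missing default credential name is harmless here.
        inactiveKeyAliases.remove(samlSPKeyManager.getDefaultCredentialName());
        // Inactive keys are advertised for signature verification only.
        for (String keyAlias : inactiveKeyAliases) {
            result.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, getServerKeyInfo(keyAlias)));
        }
    }
    return result;
}
}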
idpDescriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.SIGNING, getServerKeyInfo(signingKey))); } else { log.info( idpDescriptor.getKeyDescriptors() .add(getKeyDescriptor(UsageType.ENCRYPTION, getServerKeyInfo(encryptionKey))); } else { idpDescriptor.getKeyDescriptors().add(getKeyDescriptor(UsageType.UNSPECIFIED, getServerKeyInfo(tlsKey)));
if (idpDescriptor.getKeyDescriptors() != null) { for (KeyDescriptor kd : idpDescriptor.getKeyDescriptors()) { if (kd.getUse() == UsageType.SIGNING) { try {
/**
 * Collects the signing certificates advertised by an IdP SSO descriptor.
 *
 * <p>Only key descriptors whose use is {@link UsageType#SIGNING} are considered, so a
 * key published for encryption alone never becomes trusted for signature verification.
 * Each matching descriptor contributes the first certificate of its key data
 * ({@code getFirstCertificate}); any further certificates in the same key data are ignored.
 *
 * @param idpSsoDescriptor descriptor parsed from the IdP metadata
 * @return the signing certificates in metadata order; empty when none are advertised
 * @throws SamlException if reading or converting the key descriptors fails for any reason
 */
private static List<X509Certificate> getCertificates(IDPSSODescriptor idpSsoDescriptor) throws SamlException {
    try {
        // Any failure while walking the key descriptors is reported uniformly as a SamlException.
        return idpSsoDescriptor.getKeyDescriptors().stream()
                .filter(keyDescriptor -> keyDescriptor.getUse() == UsageType.SIGNING)
                .flatMap(SamlClient::getDatasWithCertificates)
                .map(SamlClient::getFirstCertificate)
                .collect(Collectors.toList());
    } catch (Exception e) {
        throw new SamlException("Exception in getCertificates", e);
    }
}
idpssoDescriptor.getKeyDescriptors().add(encKeyDescriptor);
for (KeyDescriptor kdesc : idpDesc.getKeyDescriptors()) { if (kdesc.getUse() != UsageType.SIGNING) { continue;
keyDescriptor.setKeyInfo(getKeyInfo(identity)); keyDescriptor.setUse(UsageType.SIGNING); idpssoDescriptor.getKeyDescriptors().add(keyDescriptor);
properties[10] = property; List<KeyDescriptor> descriptors = idpssoDescriptor.getKeyDescriptors(); if (CollectionUtils.isNotEmpty(descriptors)) { for (int i = 0; i < descriptors.size(); i++) {
for (KeyDescriptor kdesc: idpDesc.getKeyDescriptors()) { if (kdesc.getUse() != UsageType.SIGNING) continue;