Currently idp_cert_multi allows a hashmap of certs for "signing" and "encryption". However, I don't think SAML actually supports encryption in this context--it's the SP's cert (public key) which is used for the IdP's encrypted assertions. Should we remove the concept of "IdP encryption certificates", and just make idp_cert_multi an array of signing certs?
```ruby
# Returns nil when idp_cert_multi is unset, otherwise a hash of
# certificate objects grouped under :signing and :encryption.
def get_idp_cert_multi
  return nil if idp_cert_multi.nil? || idp_cert_multi.empty?

  raise ArgumentError.new("Invalid value for idp_cert_multi") unless idp_cert_multi.is_a?(Hash)

  certs = { signing: [], encryption: [] }

  %i[signing encryption].each do |type|
    # Accept both symbol and string keys.
    certs_for_type = idp_cert_multi[type] || idp_cert_multi[type.to_s]
    next if !certs_for_type || certs_for_type.empty?

    certs_for_type.each do |idp_cert|
      certs[type].push(RubySaml::Utils.build_cert_object(idp_cert))
    end
  end

  certs
end
```
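The key roles the question turns on, as an added example that is not ruby-saml code: a simplified model (plain OpenSSL calls, no XML Signature or XML Encryption) in which the IdP signs with its own private key and encrypts to the SP's public key, so the SP only ever needs a list of IdP signing keys. The names `idp_issue`, `sp_consume`, `IDP_KEY` and `SP_KEY` are hypothetical and the key pairs are constructed for the example.

```ruby
require "openssl"

# Constructed key pairs standing in for the IdP and the SP (not real metadata).
IDP_KEY = OpenSSL::PKey::RSA.new(2048)
SP_KEY  = OpenSSL::PKey::RSA.new(2048)
OAEP    = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# IdP side: sign with the IdP private key, then encrypt the assertion with a
# fresh AES key that is wrapped to the SP's public key.
def idp_issue(assertion, idp_private_key, sp_public_key)
  signature = idp_private_key.sign(OpenSSL::Digest.new("SHA256"), assertion)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  session_key = cipher.random_key
  iv = cipher.random_iv
  cipher.auth_data = ""
  ciphertext = cipher.update(assertion) + cipher.final
  {
    ciphertext: ciphertext, iv: iv, tag: cipher.auth_tag,
    wrapped_key: sp_public_key.public_encrypt(session_key, OAEP),
    signature: signature
  }
end

# SP side: decrypt with the SP private key, then accept the assertion only if
# one of the configured IdP signing keys verifies the signature.
def sp_consume(msg, sp_private_key, idp_signing_keys)
  session_key = sp_private_key.private_decrypt(msg[:wrapped_key], OAEP)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = session_key
  cipher.iv = msg[:iv]
  cipher.auth_tag = msg[:tag]
  cipher.auth_data = ""
  assertion = cipher.update(msg[:ciphertext]) + cipher.final
  trusted = idp_signing_keys.any? do |pub|
    pub.verify(OpenSSL::Digest.new("SHA256"), msg[:signature], assertion)
  end
  raise "signature not from a trusted IdP key" unless trusted

  assertion
end
```

No IdP public key is used for encryption at any point: the only encryption key pair in the exchange belongs to the SP.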