Status: Closed (gertvv closed this issue 2 months ago)
We discussed this today as a team and we don't feel that using SSL bundles is the correct approach. Those interfaces and properties are specifically designed for SSL. Whilst it's technically possible to get the keys and certificates from the SSL bundle, using them to support SAML credentials isn't really their purpose.
We think instead we should try to improve the SAML properties to make it easier to use certificates and keys in a similar way to the bundle properties.
Context
I'm looking for good ways to inject the SAML encryption keys into the configuration and ideally without decrypting the key file on disk.
I previously raised this with Spring Security and @jzheaux asked me to open an issue here instead.
Requested enhancement
When acting as a SAML2 client, allow the lovely Spring SSL bundles to be used to specify the certificates in configuration. For example, by setting
spring.security.saml2.relyingparty.registration.<reg-id>.signing.credentials.bundle.
Current Behavior
The private-key-location and certificate-key-location must be set separately and don't seem to have useful functionality offered by the SSL bundles, such as loading from a keystore and decrypting the private key.
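As an added example (not code from the issue author or from Spring Boot), this shows what the "current behavior" above forces you to do programmatically today if you want the signing key loaded from a password-protected keystore rather than from separate private-key-location / certificate-location files, so that no decrypted private key sits on disk. The keystore path, alias, environment variable name, registration id and IdP metadata URL are placeholders I assumed; the Spring Security APIs used (Saml2X509Credential.signing, RelyingPartyRegistrations.fromMetadataLocation, InMemoryRelyingPartyRegistrationRepository) are real.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

@Configuration
public class Saml2KeystoreConfig {

    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        // Assumed: keystore password is supplied via the environment, not a file on disk.
        String envPassword = System.getenv("SAML_KEYSTORE_PASSWORD");
        if (envPassword == null) {
            throw new IllegalStateException("SAML_KEYSTORE_PASSWORD is not set");
        }
        char[] password = envPassword.toCharArray();

        // Assumed keystore location and alias; the private key stays encrypted at rest.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Path.of("/etc/app/saml-signing.p12"))) {
            keyStore.load(in, password);
        }
        PrivateKey key = (PrivateKey) keyStore.getKey("saml-signing", password);
        X509Certificate cert = (X509Certificate) keyStore.getCertificate("saml-signing");
        // Scrub the password from memory once the key material has been read.
        Arrays.fill(password, '\0');

        // Wrap the key pair as a SAML signing credential and attach it to the registration.
        Saml2X509Credential signing = Saml2X509Credential.signing(key, cert);
        RelyingPartyRegistration registration = RelyingPartyRegistrations
                .fromMetadataLocation("https://idp.example.org/metadata.xml") // assumed IdP metadata
                .registrationId("my-idp")                                    // assumed <reg-id>
                .signingX509Credentials(creds -> creds.add(signing))
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }
}
```

Defining this bean replaces the property-driven registration for that id, which is exactly the boilerplate the requested bundle-style property would remove.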