vdenotaris / spring-boot-security-saml-sample

SBS3 — A sample SAML 2.0 Service Provider built on Spring Boot.
https://sbs3.vdenotaris.com
Apache License 2.0

Purpose of apollo key in the JKSKeyManager #80

Closed duncanportelli closed 4 years ago

duncanportelli commented 4 years ago

Hi,

This is more of a question rather than an issue. I am working on an IdP-initiated solution and was taking a look at this sample application. In the keyManager() bean, a JKSKeyManager is being initialised with a default key apollo. I just wanted to ask what the purpose of this key is in the whole flow. Not sure if this key is used to encrypt auth requests in an SP-initiated scenario.

I noticed that the SAML responses from SSO Circle are just signed but not encrypted. So, in the case of an IdP-initiated SSO, no keys are required in the key store. In this case, what would the public key be, please?

vdenotaris commented 4 years ago

Private keys (with either self-signed or CA-signed certificates) are used to digitally sign SAML messages, encrypt their content and in some cases for SSL/TLS client authentication of your service provider application. SAML Extension ships with a default private key in the samlKeystore.jks with alias apollo which can be used for initial testing, but for security reasons should be replaced with your own key in early development stages.

For general questions about saml and spring-saml, I'd suggest using SO: https://stackoverflow.com/questions/tagged/spring-saml
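As an added example (not the sample's own code), here is a keyManager() bean that loads the keystore location, passwords and signing alias from externalized configuration instead of the shipped apollo key, and refuses to start if the default alias is still configured or the configured alias is not in the keystore. The property names are assumptions for this example.

```java
import java.util.Collections;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.security.saml.key.JKSKeyManager;
import org.springframework.security.saml.key.KeyManager;

@Configuration
public class SamlKeyConfig {

    // Property names are assumed for this example; supply them via
    // application.properties, environment variables or a secrets manager
    // rather than hardcoding them as the sample does for testing.
    @Value("${saml.keystore.location}")   // e.g. file:/etc/sp/sp-keystore.jks
    private Resource storeFile;

    @Value("${saml.keystore.password}")
    private String storePass;

    @Value("${saml.key.alias}")           // SP key used to sign and decrypt
    private String keyAlias;

    @Value("${saml.key.password}")
    private String keyPass;

    @Bean
    public KeyManager keyManager() {
        // The apollo key ships with every copy of SAML Extension, so anyone
        // can sign messages as an SP that still uses it: never deploy with it.
        if ("apollo".equals(keyAlias)) {
            throw new IllegalStateException(
                "Replace the sample 'apollo' key with your own SP key");
        }
        KeyManager km = new JKSKeyManager(storeFile, storePass,
                Collections.singletonMap(keyAlias, keyPass), keyAlias);
        // Fail fast at startup instead of at the first signed message.
        if (!km.getAvailableCredentials().contains(keyAlias)) {
            throw new IllegalStateException(
                "Alias '" + keyAlias + "' not found in keystore " + storeFile);
        }
        return km;
    }
}
```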