SAML - Multiple Signing Keys | Community
New Participant
February 23, 2016
Solved

SAML - Multiple Signing Keys

  • February 23, 2016
  • 5 replies
  • 1749 views

Does anyone know if the SAML Authentication Handler supports multiple Signing Keys?


Thanks

5 replies

Sham_HC
New Participant
March 4, 2016

Thanks for details. We store idpCertAlias as string & need to change to array to match your need. Sounds doable, can you please file a support request to track this enhancement?

nkroon (Author)
New Participant
February 29, 2016

From our Security Engineering Group

Here is the basic flow:

  1. Receive SAML Token signed with Certificate X
  2. Does Certificate 1, registered within the Adobe application, match Certificate X?
    1. If yes, use Certificate 1 to validate the signature of the SAML Token
    2. If no, does Certificate 2, registered within the Adobe application, match Certificate X?
      1. If yes, use Certificate 2 to validate the signature of the SAML Token
      2. If no, failure

Additionally, once a certificate is found, it could be flagged for some session period to become the default certificate for validation purposes which would help eliminate the need to perform the IF-ELSE checks each time.
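The flow described in this post, as an added example that is not part of the original thread and is not Adobe's handler code: the validator tries only keys registered locally, remembers the last one that worked, and fails closed. Assumptions: the class name, the aliases and the fingerprint parameter are hypothetical, and a raw RSA signature over bytes stands in for XML-DSig over a canonicalized assertion.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
// Added illustration, not Adobe's handler code. Aliases and class name are hypothetical.
public class MultiKeySamlCheck {
    // Stand-in for the trust store: alias -> registered IdP signing key.
    private final Map<String, PublicKey> registered = new LinkedHashMap<>();
    private String preferredAlias; // last alias that validated ("default certificate")
    void register(String alias, PublicKey key) { registered.put(alias, key); }
    static String fingerprint(PublicKey key) throws GeneralSecurityException {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(key.getEncoded());
        return Base64.getEncoder().encodeToString(d);
    }

    static byte[] sign(byte[] data, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Returns the alias whose key validated the signature, or empty on failure.
    Optional<String> validate(byte[] signed, byte[] sig, String claimedFingerprint)
            throws GeneralSecurityException {
        List<String> order = new ArrayList<>(registered.keySet());
        if (preferredAlias != null) { order.remove(preferredAlias); order.add(0, preferredAlias); }
        for (String alias : order) {
            PublicKey key = registered.get(alias);
            if (!fingerprint(key).equals(claimedFingerprint)) continue; // not Certificate X
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(key); // always the registered key, never key material from the token
            v.update(signed);
            if (v.verify(sig)) { preferredAlias = alias; return Optional.of(alias); }
        }
        return Optional.empty(); // no registered certificate matched and verified: fail closed
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair c1 = gen.generateKeyPair(), c2 = gen.generateKeyPair(), rogue = gen.generateKeyPair();
        MultiKeySamlCheck handler = new MultiKeySamlCheck();
        handler.register("idp-cert-1", c1.getPublic());
        handler.register("idp-cert-2", c2.getPublic());
        byte[] token = "<Assertion>constructed sample</Assertion>".getBytes(StandardCharsets.UTF_8);
        for (KeyPair signer : List.of(c2, rogue)) // rolled-over IdP key, then an unregistered key
            System.out.println(handler.validate(token, sign(token, signer.getPrivate()),
                    fingerprint(signer.getPublic())));
    }
}
```

The certificate named in the token is used only to choose among registered entries; the verification key itself always comes from the local trust store.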

Sham_HC
Accepted solution
New Participant
February 25, 2016

For now it is not supported. Assuming it is supported, how would you visualize which one to select based on those multiple keys?

nkroon (Author)
New Participant
February 23, 2016

Multiple signing keys from the same IDP. I don't think it's a SAML configuration issue as much as it is a back-end capability to accept multiple signing keys from the same IDP.

Lokesh_Shivalingaiah
New Participant
February 23, 2016

Are you talking about having multiple SAMLs?

You can have multiple configs for 'SAML Authentication Handler' here /system/console/configMgr