2016-06-02 16:07:45 +00:00
|
|
|
[[_saml-keystore]]
|
|
|
|
|
|
|
|
|
|
====== KeyStore element
|
|
|
|
|
|
2016-06-02 20:50:43 +00:00
|
|
|
Within the `Key` element you can load your keys and certificates from a Java Keystore. This is declared within
|
|
|
|
|
a `KeyStore` element.
|
|
|
|
|
|
|
|
|
|
[source,xml]
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
<Keys>
|
|
|
|
|
<Key signing="true" >
|
|
|
|
|
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
|
|
|
|
|
<PrivateKey alias="myPrivate" password="test123"/>
|
|
|
|
|
<Certificate alias="myCertAlias"/>
|
|
|
|
|
</KeyStore>
|
|
|
|
|
</Key>
|
|
|
|
|
</Keys>
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
Here are the XML config attributes that are defined with the `KeyStore` element.
|
|
|
|
|
|
2016-06-02 16:07:45 +00:00
|
|
|
file::
|
|
|
|
|
File path to the key store. _OPTIONAL._ The file or resource attribute must be set.
|
|
|
|
|
|
|
|
|
|
resource::
|
|
|
|
|
WAR resource path to the KeyStore.
|
|
|
|
|
This is a path used in method call to ServletContext.getResourceAsStream(). _OPTIONAL._ The file or resource attribute must be set.
|
|
|
|
|
|
|
|
|
|
password::
|
|
|
|
|
The password of the KeyStore _REQUIRED._
|
|
|
|
|
|
2016-06-02 20:50:43 +00:00
|
|
|
If you are defining keys that the SP will use to sign document, you must also specify references to your private keys
|
|
|
|
|
and certificates within the Java KeyStore.
|
|
|
|
|
The `PrivateKey` and `Certificate` elements in the above example define an `alias` that points to the key or cert
|
|
|
|
|
within the keystore. Keystores require an additional password to access private keys.
|
|
|
|
|
In the `PrivateKey` element you must define this password within a `password` attribute.
|
