keycloak-scim/docs/guides/securing-apps/partials/saml/sp-keys/keystore_element.adoc

[[_saml-keystore]]
=== KeyStore element
Within the `Key` element you can load your keys and certificates from a Java Keystore. This is declared within
a `KeyStore` element.
[source,xml]
----
<Keys>
    <Key signing="true">
        <KeyStore resource="/WEB-INF/keystore.jks" password="store123">
            <PrivateKey alias="myPrivate" password="test123"/>
            <Certificate alias="myCertAlias"/>
        </KeyStore>
    </Key>
</Keys>
----
Here are the XML config attributes that are defined for the `KeyStore` element.

file::
File path to the key store. This option is _OPTIONAL_. Either the `file` or the `resource` attribute must be set.

resource::
WAR resource path to the KeyStore.
This path is passed to `ServletContext.getResourceAsStream()`. This option is _OPTIONAL_. Either the `file` or the `resource` attribute must be set.

password::
The password of the KeyStore. This option is _REQUIRED_.
If you are defining keys that the SP will use to sign documents, you must also specify references to your private keys
and certificates within the Java KeyStore.
The `PrivateKey` and `Certificate` elements in the above example each define an `alias` that points to the key or certificate
within the keystore. Keystores require an additional password, separate from the store password, to access private keys.
In the `PrivateKey` element you must define this password within a `password` attribute.
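As an added illustration, not code from the Keycloak adapter, the following hypothetical Java helper (`SamlKeyStoreCheck` and `loadSigningKeys` are invented names) loads the entries named in the `KeyStore` element above with the store password and key password kept separate, and checks that the `PrivateKey` and `Certificate` aliases actually belong together before they are used for signing. It assumes a JKS store and an RSA key.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

/** Hypothetical check utility, not part of the Keycloak SAML adapter. */
public class SamlKeyStoreCheck {
    // Opens the store from any stream (a file for file=, or the stream returned by
    // ServletContext.getResourceAsStream() for resource=) and returns the signing key pair,
    // failing early on the misconfigurations the adapter would otherwise hit at runtime.
    public static KeyPair loadSigningKeys(InputStream in, char[] storePassword, String keyAlias,
                                          char[] keyPassword, String certAlias) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(in, storePassword);              // wrong KeyStore password= -> IOException
        PrivateKey privateKey;
        try {
            // The key password (PrivateKey password=) is separate from the store password.
            privateKey = (PrivateKey) ks.getKey(keyAlias, keyPassword);
        } catch (UnrecoverableKeyException e) {
            throw new IllegalStateException("wrong password for private key alias " + keyAlias, e);
        }
        if (privateKey == null) {
            throw new IllegalStateException("no private key stored under alias " + keyAlias);
        }
        Certificate cert = ks.getCertificate(certAlias);
        if (!(cert instanceof X509Certificate)) {
            throw new IllegalStateException("no X.509 certificate stored under alias " + certAlias);
        }
        X509Certificate x509 = (X509Certificate) cert;
        x509.checkValidity();                    // expired or not-yet-valid certificate
        // The two aliases are independent entries, so prove the certificate matches the key:
        // sign a sample with the private key and verify it with the certificate's public key.
        // Assumes an RSA key, the usual choice for SAML signing.
        byte[] sample = "saml-keystore-check".getBytes(StandardCharsets.UTF_8);
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(privateKey);
        sig.update(sample);
        byte[] signature = sig.sign();
        sig.initVerify(x509.getPublicKey());
        sig.update(sample);
        if (!sig.verify(signature)) {
            throw new IllegalStateException("certificate " + certAlias + " does not match key " + keyAlias);
        }
        return new KeyPair(x509.getPublicKey(), privateKey);
    }
}
```

With the values from the configuration example, the call is `loadSigningKeys(new FileInputStream("keystore.jks"), "store123".toCharArray(), "myPrivate", "test123".toCharArray(), "myCertAlias")`; inside a web application the stream would come from `ServletContext.getResourceAsStream("/WEB-INF/keystore.jks")` instead.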