keycloak-scim/docs/guides/securing-apps/partials/saml/sp-keys/keystore_element.adoc
rmartinc ccab30d5f2 Move saml documentation to guides
Closes #31330

Signed-off-by: rmartinc <rmartinc@redhat.com>
2024-07-24 11:50:24 +02:00

37 lines
1.4 KiB
Text

[[_saml-keystore]]
=== KeyStore element
Within the `Key` element you can load your keys and certificates from a Java Keystore. This is declared within
a `KeyStore` element.
[source,xml]
----
<Keys>
<Key signing="true" >
<KeyStore resource="/WEB-INF/keystore.jks" password="store123">
<PrivateKey alias="myPrivate" password="test123"/>
<Certificate alias="myCertAlias"/>
</KeyStore>
</Key>
</Keys>
----
Here are the XML config attributes that are defined with the `KeyStore` element.
file::
File path to the key store. This option is _OPTIONAL_. The file or resource attribute must be set.
resource::
WAR resource path to the KeyStore.
This is a path used in method call to ServletContext.getResourceAsStream(). This option is _OPTIONAL_. The file or resource attribute must be set.
password::
The password of the KeyStore. This option is _REQUIRED_.
If you are defining keys that the SP will use to sign document, you must also specify references to your private keys
and certificates within the Java KeyStore.
The `PrivateKey` and `Certificate` elements in the above example define an `alias` that points to the key or cert
within the keystore. Keystores require an additional password to access private keys.
In the `PrivateKey` element you must define this password within a `password` attribute.