Adding Private Key to RelyingPartyRegistration in Spring Boot and Spring Security


I am trying to add a private key to my security configuration in Spring Boot.

import java.io.File;
import java.net.URI;
import java.nio.file.Paths;
import java.security.cert.X509Certificate;

import org.opensaml.security.x509.X509Support;
import org.springframework.context.annotation.Bean;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

    @Bean
    protected RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        URI assertingUri = getClass().getClassLoader().getResource("asserting_party_public.crt").toURI();
        URI relyingUri = getClass().getClassLoader().getResource("relying_private_key.pem").toURI();
        File assertingKey = Paths.get(assertingUri).toFile();
        File relyingKey = Paths.get(relyingUri).toFile();
        // asserting party: an X.509 certificate, so decodeCertificate works here
        X509Certificate assertingCertificate = X509Support.decodeCertificate(assertingKey);
        // relying party: this file is a private key, not a certificate, so this call fails (the problem described below)
        X509Certificate relyingCertificate = X509Support.decodeCertificate(relyingKey);
        Saml2X509Credential assertingCredential = Saml2X509Credential.verification(assertingCertificate);
        Saml2X509Credential relyingCredential = Saml2X509Credential.verification(relyingCertificate);
        RelyingPartyRegistration registration = RelyingPartyRegistration
                .withRegistrationId("relying")
                .entityId("relying_entity_id")
                .signingX509Credentials((c) -> c.add(relyingCredential))
                .assertionConsumerServiceLocation("https://<relying_server>/login/saml2/sso/<relying>")
                .assertingPartyDetails(idp -> idp
                        .entityId("https://<idp_entity_id>")
                        .wantAuthnRequestsSigned(true)
                        .singleSignOnServiceLocation("https://<idp_sso_location>")
                        .verificationX509Credentials(c -> c.add(assertingCredential))
                ).build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

Clearly, this doesn't work because my private key is not a certificate. But how do I add my private key? I have already generated the private / public key pair.

Initially, my app was on a staging server and the requests didn't need to be signed, so all I used was the asserting party's public key. Now I'm moving the app to the production server, and the new metadata for the idp shows that my requests must be signed. Basically, I've duplicated the logic for the asserting party's public key for my private key in this example to show that 1) I have no idea what I'm doing and 2) I do realize I need to add my private key in some way and that the authentication requests must be signed.

Help?


There are 0 answers
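The question has no answer on the page. The following is an added example, not code from the asker or from the Spring Security project, showing how the relying party's private key is normally supplied: `Saml2X509Credential.signing(PrivateKey, X509Certificate)` takes the private key together with its own certificate, while `verification(X509Certificate)` is only for the IdP's certificate. The private key is parsed with `RsaKeyConverters.pkcs8()` from `spring-security-core`, which exists in the versions that ship `Saml2X509Credential`. The IdP and private key file names are the ones from the question; the relying party certificate file name `relying_public.crt` and the class name are assumptions, since the question does not name a certificate for the relying party. Resources are read as streams rather than via `getResource().toURI()` and `Paths.get()`, because the latter fails with a `jar:` URI once the application is packaged as a jar.

```java
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.ClassPathResource;
import org.springframework.security.converter.RsaKeyConverters;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;

// Hypothetical configuration class; the bean name and method name follow the question.
@Configuration
public class Saml2Config {

    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        // IdP certificate: verification only, exactly as in the question.
        X509Certificate assertingCertificate = loadCertificate("asserting_party_public.crt");

        // Relying party key pair. The private key file name is from the question;
        // the certificate file name is an assumption (the question names no RP certificate).
        RSAPrivateKey relyingPrivateKey = loadPkcs8PrivateKey("relying_private_key.pem");
        X509Certificate relyingCertificate = loadCertificate("relying_public.crt");
        requireMatchingKeyPair(relyingPrivateKey, relyingCertificate);

        Saml2X509Credential assertingCredential = Saml2X509Credential.verification(assertingCertificate);
        // signing(...) is the factory that accepts a private key; verification(...) accepts only a certificate.
        Saml2X509Credential relyingCredential = Saml2X509Credential.signing(relyingPrivateKey, relyingCertificate);

        RelyingPartyRegistration registration = RelyingPartyRegistration
                .withRegistrationId("relying")
                .entityId("relying_entity_id")
                .signingX509Credentials(c -> c.add(relyingCredential))
                .assertionConsumerServiceLocation("https://<relying_server>/login/saml2/sso/<relying>")
                .assertingPartyDetails(idp -> idp
                        .entityId("https://<idp_entity_id>")
                        .wantAuthnRequestsSigned(true)
                        .singleSignOnServiceLocation("https://<idp_sso_location>")
                        .verificationX509Credentials(c -> c.add(assertingCredential)))
                .build();
        return new InMemoryRelyingPartyRegistrationRepository(registration);
    }

    // Reads a PEM or DER encoded X.509 certificate from the classpath with the JDK's CertificateFactory.
    private static X509Certificate loadCertificate(String classpathLocation) throws Exception {
        try (InputStream in = new ClassPathResource(classpathLocation).getInputStream()) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    // RsaKeyConverters.pkcs8() expects an unencrypted PKCS#8 PEM ("-----BEGIN PRIVATE KEY-----").
    // A PKCS#1 file ("-----BEGIN RSA PRIVATE KEY-----") must be converted first, e.g.
    //   openssl pkcs8 -topk8 -nocrypt -in relying_private_key.pem -out relying_private_key_pkcs8.pem
    private static RSAPrivateKey loadPkcs8PrivateKey(String classpathLocation) throws Exception {
        try (InputStream in = new ClassPathResource(classpathLocation).getInputStream()) {
            return RsaKeyConverters.pkcs8().convert(in);
        }
    }

    // Fail at startup, not at the first signed AuthnRequest, if the key and certificate do not belong together.
    private static void requireMatchingKeyPair(RSAPrivateKey privateKey, X509Certificate certificate) {
        if (!(certificate.getPublicKey() instanceof RSAPublicKey)) {
            throw new IllegalStateException("relying party certificate does not carry an RSA public key");
        }
        RSAPublicKey publicKey = (RSAPublicKey) certificate.getPublicKey();
        if (!publicKey.getModulus().equals(privateKey.getModulus())) {
            throw new IllegalStateException("relying party private key does not match its certificate");
        }
    }
}
```

The modulus comparison is the check worth keeping: a private key that does not match the certificate published in the relying party metadata produces AuthnRequest signatures the IdP will reject, and the mismatch is much easier to diagnose as a startup failure than as an opaque IdP error page. The public certificate must also be the one the IdP has on file for this relying party, which is why the signing credential carries both halves of the key pair.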