...
The signing credentials cannot be resolved because signed XML does not contain a SecurityKeyIdentifier.
Step-by-step guide
By default, the Ubisecure SSO metadata contains only the public key. To enable the publishing of the certificate:
- Edit ubilogin-sso/ubilogin/webapps/uas/WEB-INF/uas.properties
Add the following lines
# saml interoperability features
com.ubisecure.ubilogin.uas.saml2.compatibility = MetadataCertificate
- Execute ubilogin-sso/ubilogin/config/tomcat/update.cmd
- The certificate is now available in metadata.xml.
- For the IDP and IDP Proxy Metadata published at http://SSO_URL/uas/saml2/metadata.xml, enter the word "MetadataCertificate" in the Server Compatibility Flags field on the home page of Ubisecure SSO Management and press Update.
The metadata containing the certificate can be downloaded from the SAML 2.0 metadata link on the home page of the Ubisecure SSO Management console.
- For the SP Metadata specific to each authentication method when enabling SAML login as an authentication method, enter the word "MetadataCertificate" in the Method Compatibility Flags field on the SAML tab of the authentication method in the Ubisecure SSO Management and press Update.
The metadata containing the certificate can be seen from the Download Metadata link on the SAML tab of the authentication method.
If the trading partner requires the certificate in a separate .PEM file, copy the certificate to a new text file and add "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" before and after the certificate.
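The manual copy step above can be scripted. The following is an added example, not Ubisecure code: it pulls each signing certificate out of downloaded SAML metadata, wraps it as PEM, and returns a SHA-256 fingerprint that the trading partner can compare out of band. The function name, the sample metadata and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def signing_certs_to_pem(metadata_xml):
    """Return [(pem_text, sha256_hex)] for each signing certificate in SAML metadata."""
    if "<!DOCTYPE" in metadata_xml:          # SAML metadata never needs a DTD
        raise ValueError("unexpected DTD in metadata")
    out = []
    for kd in ET.fromstring(metadata_xml).iter(f"{{{MD}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":   # no 'use' attribute means both uses
            continue
        for node in kd.iter(f"{{{DS}}}X509Certificate"):
            b64 = "".join((node.text or "").split())    # metadata may wrap or indent it
            if not b64:
                continue
            der = base64.b64decode(b64, validate=True)  # reject anything not base64
            b64 = base64.b64encode(der).decode()
            body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
            pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
            out.append((pem, hashlib.sha256(der).hexdigest()))
    if not out:   # metadata carries only the public key: the compatibility flag is not set
        raise LookupError("no X509Certificate found; is MetadataCertificate enabled?")
    return out

# Constructed sample input: these bytes are NOT a real certificate.
SAMPLE_DER = bytes(range(200))
B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_WITH_CERT = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sso.example.com/uas">
 <IDPSSODescriptor><KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
   <X509Certificate>{B64[:76]}
   {B64[76:]}</X509Certificate>
 </X509Data></KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>"""
# Constructed key-only metadata (assumed layout of the default, flag-less output).
SAMPLE_KEY_ONLY = f"""<EntityDescriptor xmlns="{MD}" entityID="https://sso.example.com/uas">
 <IDPSSODescriptor><KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><KeyValue>
   <RSAKeyValue><Modulus>AA==</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>
 </KeyValue></KeyInfo></KeyDescriptor></IDPSSODescriptor></EntityDescriptor>"""

if __name__ == "__main__":
    for pem, fingerprint in signing_certs_to_pem(SAMPLE_WITH_CERT):
        print(pem + "SHA-256: " + fingerprint)
```

With real metadata, pass the downloaded metadata.xml contents as the argument and write each returned PEM string to its own file.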
...
...
This setting can also be modified using the Ubisecure SSO Management API.