Adobe Experience Manager Sites & More

nedk76542230 · 6:48:24 AM

Does anyone know if the SAML Authentication Handler supports multiple Signing Keys?

Thanks

Sham_HC · 9:16:55 AM

For now it is not supported. Assume it is supported how would you visualize which one to select based on that multiple keys?

元の投稿で解決策を見る

Lokesh_Shivalingaiah · 7:26:57 AM

Are you talking about having multiple SAMLs ??

You can have multiple configs for 'SAML Authentication Handler' here /system/console/configMgr

nedk76542230 · 9:30:07 AM

Multiple signing keys from the same IDP. I don't think it's a SAML configuration issue as much as it a back end capability to accept multiple signing keys from the same IDP.

Sham_HC · 9:16:55 AM

For now it is not supported. Assume it is supported how would you visualize which one to select based on that multiple keys?

nedk76542230 · 2:33:47 PM

From our Security Engineering Group

Here is the basic flow:

Receive SAML Token signed with Certificate X
Does Certificate 1, registered within the Adobe application, match Certificate X?
1. If yes, use Certificate 1 to validate the signature of the SAML Token
2. If no, does Certificate 2, registered within the Adobe application, match Certificate X?
  1. If yes, use Certificate 2 to validate the signature of the SAML Token
  2. If no, failure

Additionally, once a certificate is found, it could be flagged for some session period to become the default certificate for validation purposes which would help eliminate the need to perform the IF-ELSE checks each time.

Sham_HC · 1:24:20 AM

Thanks for details. We store idpCertAlias as string & need to change to array to match your need. Sounds doable, can you please file a support request to track this enhancement?

Adobe Experience Manager Sites & More

SAML - Multiple Signing Keys

学習

ドキュメント

イベント

コミュニティ

サポート

リソース

Adobe アカウント

Adobe