
I have an Enterprise App which is acting as SP (Service Provider) and an OpenAM app acting as IdP (Identity Provider). In the SP, I have created a self-signed certificate for digital signatures to communicate with OpenAM for SSO.

The SP digitally signs and initiates the request, but in OpenAM I am getting a 'The SAML Request is invalid' error. I think this is because of the absence of the certificate in the OpenAM Tomcat server.

I have already tried creating the Key Store and adding my Self Signed certificate to it.

Questions

  1. How do I import the SP's self-signed certificate into Tomcat for digital signature validation?
  2. How does validation happen in OpenAM?
Richa Sinha

1 Answer


Check your OpenAM config directory (e.g. ~/openam/openam). This directory contains the keystore file used by OpenAM.

keytool -list -keystore ~/openam13/openam/keystore.jks

Steffo
    The SAML keystore/truststore configured in OpenAM is not used to verify the digital signature, but the public key included in the certificate of the SP's metadata imported into OpenAM – Bernhard Thalmayr Dec 02 '16 at 07:38
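
Following the comment above, a way to check that the certificate inside the SP metadata imported into OpenAM is the same one the SP signs with. This is an added example, not code from the post or from OpenAM; the function names are hypothetical, and it assumes you have the SP metadata XML and the SP signing certificate exported as PEM. The sample input is constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint, colon-separated like `keytool -list -v` output."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def pem_to_der(pem: str) -> bytes:
    """Drop the BEGIN/END armor lines and decode the base64 body."""
    lines = [l.strip() for l in pem.splitlines()]
    return base64.b64decode("".join(l for l in lines if l and not l.startswith("-----")))

def signing_fingerprints(metadata_xml: str) -> list:
    """Fingerprints of every certificate the SP metadata offers for signing."""
    root = ET.fromstring(metadata_xml)  # parse only metadata files you control
    found = []
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor with no "use" attribute covers signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.append(fingerprint(base64.b64decode("".join((cert.text or "").split()))))
    return found

def metadata_has_signing_cert(metadata_xml: str, sp_cert_pem: str) -> bool:
    """True if the SP's actual signing certificate is the one in the metadata."""
    return fingerprint(pem_to_der(sp_cert_pem)) in signing_fingerprints(metadata_xml)

# Constructed sample input: placeholder bytes, not a real certificate.
B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor entityID="https://sp.example.test"
    xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(metadata_has_signing_cert(SAMPLE_METADATA, SAMPLE_PEM))
```

A result of False means the metadata registered at the IdP carries a different (or encryption-only) certificate than the one the SP uses to sign, so the metadata needs to be re-exported from the SP and re-imported.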