mace-opensaml-users - [OpenSAML] Question related to Sharing same private key

Subject: OpenSAML user discussion

List archive

[OpenSAML] Question related to Sharing same private key

From: shri kanth s <>
To:
Subject: [OpenSAML] Question related to Sharing same private key
Date: Tue, 3 May 2011 16:28:11 -0400
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=fiLZacdZolyP3einocGc9G6qX67dnO6GfsrC4TqtjhpU5vDvI777mDNs4JBP5M1p3/ tHCRQKBlh1LniDo/1J1UrqJFrVAHcCcIItNXSVZdSpBcWcNLcGXRSSg+rcbX7EOe0gwS 2c+G3AzXneJYDf8cBnbiCaDj5XtookUSvvfS4=

Hi,

I just had a question related to signing SAML Messages using OpenSaml.

We are IDP provider and there are several vendors who uses IDP services. When a message is initiated from IDP , IDP signs the message using a private key and the requestor in question validates it using the public key provided to them. When the ServiceProvider posts the SAML message, they will sign using a private key and the IDP/ other Service provider verifies the message usign a public key.

My question relates to

1) Can we use the same keystore at the IDP as well at the service provider end? Which ideally means sharing same private and public key, What are security implications you can foresee in this scenario?

Thanks,

[OpenSAML] Question related to Sharing same private key, shri kanth s, 05/03/2011
- Re: [OpenSAML] Question related to Sharing same private key, rangeli nepal, 05/03/2011
- Re: [OpenSAML] Question related to Sharing same private key, Brent Putman, 05/04/2011
- [OpenSAML] request:get-parameter("SAMLResponse", ""), Gina Choi, 05/12/2011
  - Re: [OpenSAML] request:get-parameter("SAMLResponse", ""), Brent Putman, 05/12/2011
    - RE: [OpenSAML] request:get-parameter("SAMLResponse", ""), Gina Choi, 05/12/2011
      - Re: [OpenSAML] request:get-parameter("SAMLResponse", ""), Brent Putman, 05/13/2011

List archive

[OpenSAML] Question related to Sharing same private key