mace-opensaml-users - [OpenSAML] Question related to Sharing same private key

Subject: OpenSAML user discussion

[OpenSAML] Question related to Sharing same private key

  • From: shri kanth s <>
  • To:
  • Subject: [OpenSAML] Question related to Sharing same private key
  • Date: Tue, 3 May 2011 16:28:11 -0400

Hi,

I just had a question related to signing SAML messages using OpenSAML.

We are an IDP provider and there are several vendors who use the IDP services. When a message is initiated from the IDP, the IDP signs the message using a private key and the requestor in question validates it using the public key provided to them. When the Service Provider posts the SAML message, they will sign it using a private key and the IDP/other Service Provider verifies the message using a public key.

My question relates to

1) Can we use the same keystore at the IDP as well as at the service provider end? This ideally means sharing the same private and public key. What security implications can you foresee in this scenario?



Thanks,
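As an added illustration (not from the original post or from OpenSAML itself), the following Go program shows the core implication of a shared keystore: a verifier that trusts the IdP's public key cannot tell an IdP-signed message from an SP-signed one once both parties hold the same private key. It uses plain RSA PKCS#1 v1.5 with SHA-256 over raw bytes in place of XML Signature, and the function names and sample message are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// sign computes an RSA PKCS#1 v1.5 signature over the SHA-256 digest of msg,
// the primitive an rsa-sha256 XML signature in a SAML message reduces to.
func sign(key *rsa.PrivateKey, msg []byte) []byte {
	h := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, h[:])
	if err != nil {
		panic(err)
	}
	return sig
}

// acceptedAs reports whether sig over msg verifies under pub, i.e. whether a
// relying party configured to trust pub as the IdP's key accepts the message.
func acceptedAs(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// SharedKeystoreImpact signs one SP-originated message twice: with the SP's
// own key, and with the IdP's key as happens when both share a keystore. It
// returns whether a verifier trusting only the IdP's public key accepts each
// signature as an IdP message. With a shared key the two cases are
// indistinguishable, so the signature no longer proves which party sent it.
func SharedKeystoreImpact() (acceptedSeparate, acceptedShared bool) {
	idpKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	spKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	// Constructed sample; a real message would be signed XML.
	msg := []byte("<samlp:Response>constructed sample</samlp:Response>")

	acceptedSeparate = acceptedAs(&idpKey.PublicKey, msg, sign(spKey, msg))
	acceptedShared = acceptedAs(&idpKey.PublicKey, msg, sign(idpKey, msg))
	return acceptedSeparate, acceptedShared
}

func main() {
	sep, shared := SharedKeystoreImpact()
	fmt.Printf("SP message accepted as IdP-signed: separate keys=%v, shared keystore=%v\n", sep, shared)
}
```

The same loss of origin authentication applies in the other direction: an IdP holding the SP's key could produce messages indistinguishable from the SP's, which is why each party should keep its own signing key and exchange only certificates.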