Improve property support for SAML private keys and certificates #41567

Closed
gertvv opened this issue Jul 20, 2024 · 1 comment

gertvv commented Jul 20, 2024

Context

I'm looking for good ways to inject the SAML encryption keys into the configuration and ideally without decrypting the key file on disk.

I previously raised this with Spring Security and @jzheaux asked me to open an issue here instead.

Requested enhancement

When acting as a SAML2 client, allow the lovely Spring SSL bundles to be used to specify the certificates in configuration. For example, by setting spring.security.saml2.relyingparty.registration.<reg-id>.signing.credentials.bundle.

Current Behavior

The private-key-location and certificate-key-location must be set separately and don't seem to have useful functionality offered by the SSL bundles, such as loading from a keystore and decrypting the private key.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Jul 20, 2024
@philwebb philwebb added the for: team-meeting An issue we'd like to discuss as a team to make progress label Jul 22, 2024
@philwebb philwebb added for: team-meeting An issue we'd like to discuss as a team to make progress and removed for: team-meeting An issue we'd like to discuss as a team to make progress labels Jul 24, 2024
@philwebb philwebb removed the for: team-meeting An issue we'd like to discuss as a team to make progress label Jul 31, 2024
@philwebb philwebb changed the title Use Spring SSL bundle in SAML2 signing Improve property support for SAML private keys and certificates Jul 31, 2024
@philwebb philwebb added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Jul 31, 2024
@philwebb philwebb modified the milestones: General Backlog, 3.x Jul 31, 2024
@philwebb
Member

We discussed this today as a team and we don't feel that using SSL bundles is the correct approach. Those interfaces and properties are specifically designed for SSL. Whilst it's technically possible to get the keys and certificates from the SSL bundle, using them to support SAML credentials isn't really their purpose.

We think instead we should try to improve the SAML properties to make it easier to use certificates and keys in a similar way to the bundle properties.

@scottfrederick scottfrederick modified the milestones: 3.x, 3.4.0-M2 Aug 13, 2024
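
One way to get the keystore-backed signing credential the issue asks for using existing APIs, as an added example that is not part of the issue or of Spring Boot's own code. The keystore file name, alias, environment variable, registration id and metadata URL are all assumed placeholders.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Objects;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.saml2.core.Saml2X509Credential;
import org.springframework.security.saml2.provider.service.registration.InMemoryRelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository;
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrations;

@Configuration
class SamlKeystoreConfig {

    // Assumed placeholders, not values from the issue.
    private static final String KEYSTORE_FILE = "saml-keystore.p12";
    private static final String ALIAS = "saml-signing";
    private static final String PASSWORD_ENV = "SAML_KEYSTORE_PASSWORD";

    @Bean
    RelyingPartyRegistrationRepository relyingPartyRegistrations() throws Exception {
        char[] password = Objects.requireNonNull(System.getenv(PASSWORD_ENV),
                PASSWORD_ENV + " is not set").toCharArray();
        try {
            // The key stays encrypted on disk; it is only decrypted in memory here.
            KeyStore keyStore = KeyStore.getInstance("PKCS12");
            try (InputStream in = Files.newInputStream(Path.of(KEYSTORE_FILE))) {
                keyStore.load(in, password);
            }
            if (!keyStore.isKeyEntry(ALIAS)) {
                throw new IllegalStateException("No private key entry for alias " + ALIAS);
            }
            PrivateKey key = (PrivateKey) keyStore.getKey(ALIAS, password);
            X509Certificate cert = (X509Certificate) keyStore.getCertificate(ALIAS);
            RelyingPartyRegistration registration = RelyingPartyRegistrations
                    .fromMetadataLocation("https://idp.example.com/metadata") // placeholder URL
                    .registrationId("example-idp")                            // placeholder id
                    .signingX509Credentials(c -> c.add(Saml2X509Credential.signing(key, cert)))
                    .build();
            return new InMemoryRelyingPartyRegistrationRepository(registration);
        } finally {
            Arrays.fill(password, '\0'); // do not keep the password in memory longer than needed
        }
    }
}
```

Defining this bean replaces the property-based registration, so the `private-key-location` and certificate location properties are no longer read for it.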