Hi.
I would like to know how to make SAML shinyproxy check the signature in the assertion and only continues if the signature is the same as the one i have on a .CRT file.
I tried to pass the .CRT file in the .JKS file, but the signature was never verified and the app was always OK even when the signatures were different.
to create the .JKS file i used this 2 commands:
keytool -deststoretype pkcs12 -genkeypair -keyalg RSA -keysize 4096 -sigalg SHA256withRSA -validity 1460 -alias shinyproxy-saml -keypass keypass -keystore samlKeystore.jks -storepass keystorePass -noprompt -dname “CN=Tlantic, OU=TT, O=TT, L=TT, S=TT, C=TT”
keytool -import -alias shinyproxy-saml -file certificate.crt -keystore samlKeystore.jks -keypass keypass -storepass keystorePass -noprompt
My applicattion YML:
saml:
idp-metadata-url: https://fujifish.github.io/samling/public/metadata.xml
app-entity-id: entity-id
app-base-url: base-url
name-attribute: username
keystore: /opt/samlKeystore.jks
keystore-password: keystorePass
encryption-cert-name: shinyproxy-saml
encryption-cert-password: keypass
force-authn: true