SAML: Disable certificate resolver?

This is really a modified version of this topic: Saml WantAuthnRequestsSigned

However, I am better able to interpret the error. The IDP I work with isn’t interested in having signed Service Provider tickets, and wants me to turn that off. ShinyProxy produces metadata without the certificate; however, whenever I navigate to the base URL, I get an error in the ShinyProxy log that Spring Boot can’t find a certificate with the resolver.

I tried creating an empty keystore, amongst a number of other methods, to disable this. Is disabling documented somewhere? I feel that if metadata is produced, then it should be configured properly, and I shouldn’t get an error of this nature.

I did read somewhere that SAML appears to be moving towards signing as a requirement, so maybe ShinyProxy is ahead of the game here?

So, I was able to resolve this (no pun intended). I set up a keystore, and my IDP supported signing or not signing, though they didn’t require it and preferred to not sign. However, I feel that this is actually a bug. ShinyProxy produced SAML metadata with no signing, but would not load a site with the metadata that ShinyProxy generated. Having said that, I gather that requiring signing is more like future proofing; contemporary versions of SAML require this. However, if that is the case, it seems ShinyProxy should throw an error rather than producing otherwise valid metadata.

Also, I generated a keystore with keytool; however, I was unable to export the certificate and reload it. I ended up having to handle the binary .jks file rather than export the certificate and load it as a docker secret. This is somewhat suboptimal. Is there any documentation on the proper way to both export and import the key? The export is in the configuration, but reimported versions of the certificate don’t appear to work with ShinyProxy.
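The export/reimport problem described in the post comes down to what keytool actually writes out. The following script is an added example (not ShinyProxy project code, and not tied to any ShinyProxy configuration key): it generates a JKS keystore holding a PrivateKeyEntry, exports the certificate the way `-exportcert` does, reimports that file into a fresh keystore, and shows that the result is a trustedCertEntry with no private key, which is why a reimported certificate cannot be used to sign AuthnRequests. It then converts the keypair itself to PKCS12, which is the portable form to hand to a secret store. The alias, password, and working directory are constructed for the demo.

```shell
#!/bin/sh
# Added example: demonstrate the difference between exporting a certificate
# (public half only) and moving the signing keypair out of a JKS keystore.
# ALIAS, STOREPASS and WORK are constructed demo values, not real settings.
set -eu

WORK="${WORK:-$(mktemp -d)}"
ALIAS="shinyproxy-sp"          # assumed key alias for the demo
STOREPASS="changeit-demo"      # demo-only password

# 1. Create a JKS keystore with a PrivateKeyEntry (private key + self-signed cert).
gen_keystore() {
  keytool -genkeypair -keyalg RSA -keysize 2048 -validity 365 \
    -alias "$ALIAS" -dname "CN=shinyproxy-sp-demo" \
    -keystore "$WORK/sp.jks" -storetype JKS \
    -storepass "$STOREPASS" -keypass "$STOREPASS" >/dev/null 2>&1
}

# 2. Export the certificate only. This is all -exportcert ever produces:
#    the public certificate, never the private key.
export_cert() {
  keytool -exportcert -rfc -alias "$ALIAS" -keystore "$WORK/sp.jks" \
    -storepass "$STOREPASS" -file "$WORK/sp.crt" >/dev/null 2>&1
}

# 3. Reimport that certificate into a new keystore. It lands as a
#    trustedCertEntry: usable for verifying signatures, useless for making them.
reimport_cert() {
  keytool -importcert -noprompt -alias "$ALIAS" -file "$WORK/sp.crt" \
    -keystore "$WORK/reimported.jks" -storetype JKS \
    -storepass "$STOREPASS" >/dev/null 2>&1
}

# 4. Move the keypair instead: convert the JKS entry to PKCS12. Java reads
#    PKCS12 directly, and openssl can unpack it into PEM key + cert if the
#    secret store wants text files.
to_pkcs12() {
  keytool -importkeystore -noprompt \
    -srckeystore "$WORK/sp.jks" -srcstoretype JKS -srcstorepass "$STOREPASS" \
    -destkeystore "$WORK/sp.p12" -deststoretype PKCS12 -deststorepass "$STOREPASS" \
    -srcalias "$ALIAS" -destalias "$ALIAS" >/dev/null 2>&1
}

# Report the entry type keytool sees for ALIAS in the given keystore
# ("PrivateKeyEntry" or "trustedCertEntry").
entry_type() {
  keytool -list -v -alias "$ALIAS" -keystore "$1" -storepass "$STOREPASS" 2>/dev/null \
    | sed -n 's/^Entry type: //p'
}

# Succeeds only if the keystore can actually sign, i.e. holds a private key.
has_private_key() {
  [ "$(entry_type "$1")" = "PrivateKeyEntry" ]
}

# Stand-alone walkthrough: run with DEMO=1 to print the entry types.
if [ "${DEMO:-0}" = "1" ]; then
  gen_keystore; export_cert; reimport_cert; to_pkcs12
  echo "sp.jks:         $(entry_type "$WORK/sp.jks")"
  echo "reimported.jks: $(entry_type "$WORK/reimported.jks")"
  echo "sp.p12:         $(entry_type "$WORK/sp.p12")"
fi
```

The practical upshot for the situation in the post: a `.crt` file exported from the keystore is the right thing to publish in SP metadata and to give the IDP, but it is not the signing material. To ship the signing key as a secret, move the PKCS12 (or the original JKS) file, or extract the private key from the PKCS12 with openssl, and treat that file with the same care as any other private key.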