I’m using ForgeRock 6.5.2.3 at work.
I have created a configuration for a client application, in SAMLv2.
So I have a circle of trust + hosted entity provider.
I did all of this a month ago.
Today they gave me a new version of their XML MetaData SP file. Inside it there is the X.509 block with their public key, the key that will be used to sign their XML exchanges with me: they are the SP, I am the IDP and I will check what they submit to me.
My problem is I have not been able to find how to check or update the key from within ForgeRock.
I start with the docs:
If I go into the circle of trust, I can see there is one. But it does not show nor list the SP SSL key.
I then tried to go into the entity provider for my SP.
There, I can see a current value “feduatsigncert”.
I have absolutely no idea what this is. Is this my SSL key that ForgeRock will use to sign the XML we produce and send to the SP? Or is this an alias to their public SSL key they will use to sign their XMLs so my IDP can check them?
I went into Configure → Secret Stores → default keystore
In the mappings tab there is NO entry for the SP client. In fact, there is NO entry for ANY of the existing SAMLv2 clients, and we have a nice bunch of those (well over 10).
Previously I was using Keycloak, and to check/see/export/upgrade the client application SP all I had to do was get into the client, select the “SAML Keys” tab, and I could delete/import/export the key from either a .CER or .PEM file.
We have now moved to ForgeRock and… I am trying to find the same information.
For an existing SAMLv2 configuration, I want to see the current SSL key that is supposed to be the SP application key.
I want to be able to see it, or export it, so I can use a tool like the x509 cert decoder from sslshopper to analyze the cert, and check the expiration dates and whether the domain of validity for the key is the proper one.
I want to be able to “update” that cert, or import the latest one I have, so I am 100% sure that my IDP will use the proper OpenSSL key from the SP to check the signature of the XMLs they will send me.
I have checked the docs as much as I can but I have not found where the SAMLv2 public keys from SPs are stored, nor how to export or upgrade them.
If someone can help.
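Independently of where ForgeRock stores it, the certificate the IdP should be trusting is the one in the SP metadata file itself, so it can be checked directly from that file. The script below is an added example (not from the original post, and not ForgeRock's own tooling): it extracts the use="signing" certificate from SP metadata and runs it through openssl for subject, issuer, expiry and SHA-256 fingerprint. It assumes a POSIX shell with openssl, the usual md:/ds: namespace prefixes, and the constructed name sp.example.test and 30-day expiry threshold.

```shell
# Added example (not from the original post or from ForgeRock): pull the SP's
# use="signing" certificate out of SAMLv2 SP metadata and inspect it with openssl
# before the IdP is made to trust it. Assumes POSIX sh, openssl, and the usual
# md:/ds: namespace prefixes in the metadata.
set -e
WORK="$(mktemp -d)"

# Constructed sample: a throwaway self-signed cert standing in for the SP's
# signing key (sp.example.test is an assumed name, not from the post).
openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=sp.example.test" \
    -keyout "$WORK/sp.key" -out "$WORK/sp.crt" 2>/dev/null
CERT_B64="$(sed '/-----/d' "$WORK/sp.crt" | tr -d '\n')"

# Constructed sample SP metadata carrying that cert in a signing KeyDescriptor.
cat > "$WORK/sp-metadata.xml" <<EOF
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        $CERT_B64
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
EOF

# sp_signing_cert_pem <metadata.xml> <out.pem>: write the use="signing" cert as
# PEM, failing if none is present. (Line-oriented extractor; a production tool
# should use a real XML parser.)
sp_signing_cert_pem() {
    b64="$(tr -d '\n\r\t' < "$1" | sed -n \
        's#.*use="signing"[^<]*<ds:KeyInfo>[^<]*<ds:X509Data>[^<]*<ds:X509Certificate>\([^<]*\)<.*#\1#p' |
        tr -d ' ')"
    [ -n "$b64" ] || { echo "no use=\"signing\" X509Certificate in $1" >&2; return 1; }
    { echo "-----BEGIN CERTIFICATE-----"; echo "$b64" | fold -w 64
      echo "-----END CERTIFICATE-----"; } > "$2"
}

# sp_signing_cert_report <metadata.xml>: print subject, issuer, expiry and SHA-256
# fingerprint (compare it with what the SP gave you out of band), and exit
# non-zero if the cert expires within 30 days (assumed threshold, 2592000 s).
sp_signing_cert_report() {
    pem="$(mktemp)"
    sp_signing_cert_pem "$1" "$pem"
    openssl x509 -in "$pem" -noout -subject -issuer -enddate -fingerprint -sha256
    openssl x509 -in "$pem" -noout -checkend 2592000 >/dev/null
}
sp_signing_cert_report "$WORK/sp-metadata.xml"
```

The fingerprint printed here is what you compare against the cert the IdP actually uses; if the two differ, the IdP is still trusting the old SP key.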