Hi,
Having a signing certificate different from the encryption certificate was a request from my IDP.
So I created both separately (from the same private key).
I was a bit confused as to the role of the saml-sp-metadata.xml being generated by the saml plugin.
The way I understand it now is that it serves the purpose of helping the user generate SP metadata from the Jenkins UI in order to forward the metadata to the IDP.
It is not being used by the plugin 'at runtime'.
Since I had already sent my SP metadata prior to installing and configuring the SAML plugin, I wasn't required to do anything with the generated saml-sp-metadata.xml file.
All I needed to do was set up a keystore with the proper private key (which in my case is the same for the encryption and signing certificate).
Thanks for your time,
Chris
On Tuesday, 28 July 2020 20:07:54 UTC+2, Ivan Fernandez Calvo wrote: