Hi all,
I’ve got a SAML client in Keycloak, and I’ve been informed that we’ll need to update the signing key and encryption key, since they’re expiring soon.
In the SAML metadata provided, they have both the new key and the old key. However, I notice that Keycloak can only store 1 key for each use, and when I import the metadata it only seems to import the old key. When I manually import the new keys, Keycloak says that it can’t verify the signature on the incoming SAML data.
Is there a key rotation process I don’t know about with Keycloak, or is this just a current shortcoming?
Thanks in advance,
David Cook
Senior Software Engineer
Prosentient Systems
Suite 7.03
6a Glen St
Milsons Point NSW 2061
Australia
Office: 02 9212 0899
Online: 02 8005 0595
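A way to see exactly what the SP metadata carries before touching the Keycloak client, as an added example that is not part of the original post and not Keycloak's own code: the script below parses SAML 2.0 SP metadata, lists every KeyDescriptor (both signing and encryption, old and new) with a SHA-256 fingerprint, and lets you paste the certificate Keycloak shows in the client's Keys tab to check which of the metadata's entries it actually imported. The entity ID and the certificate bodies in the embedded metadata are constructed placeholders (the bodies are not real X.509 DER, so only fingerprints are computed, not validity dates); on real metadata the same code hashes the real DER and the fingerprints match `openssl x509 -fingerprint -sha256`.

```python
"""List every signing/encryption certificate in SAML SP metadata.

Added example (stdlib only). The sample metadata, entity ID and
certificate bodies are constructed placeholders.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


# Constructed sample: two signing and two encryption KeyDescriptors, old
# first, new second, as an SP publishes during key rollover. The
# "certificates" are placeholder byte strings, not real DER.
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(b"old-signing-cert")}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(b"new-signing-cert")}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(b"old-encryption-cert")}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64(b"new-encryption-cert")}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# What the Keycloak Keys tab would display for the second signing cert
# (constructed, matches the placeholder above).
SAMPLE_NEW_SIGNING_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + _b64(b"new-signing-cert")
    + "\n-----END CERTIFICATE-----\n"
)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, colon-separated like openssl's output."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def list_key_descriptors(metadata_xml: str) -> list:
    """Every X509Certificate in document order, with its KeyDescriptor use."""
    root = ET.fromstring(metadata_xml)
    entries = []
    for kd in root.iterfind(".//md:KeyDescriptor", NS):
        # SAML metadata: a KeyDescriptor without "use" serves both purposes.
        use = kd.get("use", "signing+encryption")
        for cert_el in kd.iterfind(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert_el.text or "").split()))
            entries.append({"position": len(entries) + 1,
                            "use": use,
                            "sha256": fingerprint(der)})
    return entries


def by_use(entries: list) -> dict:
    """Group fingerprints by use so the single-slot import loss is visible."""
    grouped = {}
    for e in entries:
        grouped.setdefault(e["use"], []).append(e["sha256"])
    return grouped


def match_certificate(entries: list, pem_or_b64: str) -> list:
    """Return the metadata entries whose cert equals the given PEM/base64."""
    body = "".join(line.strip() for line in pem_or_b64.splitlines()
                   if not line.strip().startswith("-----"))
    fp = fingerprint(base64.b64decode(body))
    return [e for e in entries if e["sha256"] == fp]


if __name__ == "__main__":
    found = list_key_descriptors(SAMPLE_METADATA)
    for use, fps in by_use(found).items():
        print(f"{use}: {len(fps)} certificate(s)")
        for fp in fps:
            print("   ", fp)
    print("Keycloak's displayed cert is metadata entry:",
          match_certificate(found, SAMPLE_NEW_SIGNING_PEM))
```

Run it against the real metadata file (replace `SAMPLE_METADATA` with the file contents) and paste the certificate from the Keycloak client's Keys tab into `match_certificate`: if it matches only the first entry for each use, the importer kept one of the two certificates and the other has to be entered by hand, and the script tells you which fingerprint that is.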