
Rotating keys for SAML clients?


David Cook

Dec 9, 2024, 12:43:37 AM
to keyclo...@googlegroups.com

Hi all,

 

I’ve got a SAML client in Keycloak, and I’ve been informed that we’ll need to update the signing key and encryption key, since they’re expiring soon.

 

In the SAML metadata provided, they have both the new key and the old key. However, I notice that Keycloak can only store 1 key for each use, and when I import the metadata it only seems to import the old key. When I manually import the new keys, Keycloak says that it can’t verify the signature on the incoming SAML data.

 

Is there a key rotation process I don’t know about with Keycloak, or is this just a current shortcoming?

 

Thanks in advance,

 

David Cook

Senior Software Engineer

Prosentient Systems

Suite 7.03

6a Glen St

Milsons Point NSW 2061

Australia

 

Office: 02 9212 0899

Online: 02 8005 0595

 
