From 92b835291a2741ca1c9748b4f4ec925839cae1a4 Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Mon, 29 Nov 2021 19:34:32 +0100
Subject: [PATCH] Somehow successful response but errors in validation

---
 .rhel-prod/fda-authentication-service/install_cert            | 4 ++++
 .../src/main/java/at/tuwien/config/SamlConfig.java            | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.rhel-prod/fda-authentication-service/install_cert b/.rhel-prod/fda-authentication-service/install_cert
index 3a1c319e9f..b0d07efa1d 100755
--- a/.rhel-prod/fda-authentication-service/install_cert
+++ b/.rhel-prod/fda-authentication-service/install_cert
@@ -32,3 +32,7 @@ sudo keytool -noprompt -importkeystore -deststorepass "${KEY_STORE_PASS}" -destk
 sudo keytool -noprompt -importkeystore -deststorepass "${KEY_STORE_PASS}" -destkeypass "${KEY_STORE_PASS}" \
   -destkeystore "${KEY_STORE_LOCATION}" -srckeystore "${TMP_SAML_LOCATION}" -srcstoretype PKCS12 \
   -srcstorepass "${KEY_STORE_PASS}" -alias 1 -destalias saml
+
+# TRUST LET'S ENCRYPT
+sudo keytool -noprompt -import -alias letsencrypt -keystore "${KEY_STORE_LOCATION}" \
+  -file "${CERT_LOCATION}/chain.pem"
\ No newline at end of file
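Review bot: The added `keytool -import` call passes no `-storepass`, unlike the `-importkeystore` calls above it, and `-noprompt` only suppresses the trust confirmation, so an unattended run will stop at the keystore password prompt. Add `-storepass "${KEY_STORE_PASS}"`, or `-storepass:env KEY_STORE_PASS` so the password stays out of the process list. When a PEM file holding several certificates is imported as a trusted entry, keytool most likely stores only the first one, so the resulting anchor depends on the order inside `chain.pem` and would stop matching once the intermediate is rotated. Importing one specific, named certificate file would make the anchor explicit. The import also puts a public CA into the same keystore that holds the `saml` key, which widens what that keystore vouches for wherever it is used as a trust store.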
diff --git a/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java b/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java
index 0eae4de308..84697cc270 100644
--- a/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java
+++ b/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java
@@ -172,7 +172,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter {
         ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(metadataProvider(),
                 extendedMetadata());
         extendedMetadataDelegate.setMetadataTrustCheck(true);
-        extendedMetadataDelegate.setMetadataRequireSignature(false);
+        extendedMetadataDelegate.setMetadataRequireSignature(true);
         return extendedMetadataDelegate;
     }
 
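Review bot: `setMetadataRequireSignature(true)` is only as strong as the set of keys allowed to verify that signature, and no `setMetadataTrustedKeys(...)` call is visible between the constructor and the `return`, so by default any entry in the configured keystore can vouch for the IdP metadata. The same commit imports a Let's Encrypt certificate into that keystore, so metadata signed by a key chaining to that CA would presumably pass the trust check as well. Pin the verifier with `extendedMetadataDelegate.setMetadataTrustedKeys(Set.of("<idp-metadata-signing-alias>"));`, using the alias of the IdP's metadata-signing certificate. A comment such as `// reject unsigned IdP metadata; signature trust is limited to the pinned alias` would record the intent. The method's signature lies outside the hunk.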
-- 
GitLab