From 92b835291a2741ca1c9748b4f4ec925839cae1a4 Mon Sep 17 00:00:00 2001 From: Martin Weise <martin.weise@tuwien.ac.at> Date: Mon, 29 Nov 2021 19:34:32 +0100 Subject: [PATCH] Somehow successful response but errors in validation --- .rhel-prod/fda-authentication-service/install_cert | 4 ++++ .../src/main/java/at/tuwien/config/SamlConfig.java | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.rhel-prod/fda-authentication-service/install_cert b/.rhel-prod/fda-authentication-service/install_cert index 3a1c319e9f..b0d07efa1d 100755 --- a/.rhel-prod/fda-authentication-service/install_cert +++ b/.rhel-prod/fda-authentication-service/install_cert @@ -32,3 +32,7 @@ sudo keytool -noprompt -importkeystore -deststorepass "${KEY_STORE_PASS}" -destk sudo keytool -noprompt -importkeystore -deststorepass "${KEY_STORE_PASS}" -destkeypass "${KEY_STORE_PASS}" \ -destkeystore "${KEY_STORE_LOCATION}" -srckeystore "${TMP_SAML_LOCATION}" -srcstoretype PKCS12 \ -srcstorepass "${KEY_STORE_PASS}" -alias 1 -destalias saml + +# TRUST LET'S ENCRYPT +sudo keytool -noprompt -import -alias letsencrypt -keystore "${KEY_STORE_LOCATION}" \ + -file "${CERT_LOCATION}/chain.pem" \ No newline at end of file diff --git a/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java b/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java index 0eae4de308..84697cc270 100644 --- a/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java +++ b/fda-authentication-service/rest-service/src/main/java/at/tuwien/config/SamlConfig.java @@ -172,7 +172,7 @@ public class SamlConfig extends WebSecurityConfigurerAdapter { ExtendedMetadataDelegate extendedMetadataDelegate = new ExtendedMetadataDelegate(metadataProvider(), extendedMetadata()); extendedMetadataDelegate.setMetadataTrustCheck(true); - extendedMetadataDelegate.setMetadataRequireSignature(false); + extendedMetadataDelegate.setMetadataRequireSignature(true); return extendedMetadataDelegate; } -- GitLab