Re: [keycloak-dev] Support for key rotation in SAML Redirect binding
On 10/31/2016 10:53 AM, Hynek Mlnarik wrote:
Fortunately, in the case where Keycloak is both signing and
validating so this condition is satisfied.
When is KC both signing a SAML message and validating the same signature?
Though this may be needed for a communication between KC and non-KC,
for KC-to-KC communication, this type of guessing should be avoided
if a valid way exists.
In SAML messages are one-way. There is KC-to-SP communication and
SP-to-KC communication. What is this KC-to-KC communication you refer to?
--
John