[keycloak-dev] Support for key rotation in SAML Redirect binding
John Dennis
jdennis at redhat.com
Mon Oct 31 11:13:40 EDT 2016
On 10/31/2016 10:53 AM, Hynek Mlnarik wrote:
> Fortunately, in the case where Keycloak is both signing and
> validating so this condition is satisfied.
When is KC both signing a SAML message and validating the same signature?
> Though this may be needed for a communication between KC and non-KC,
> for KC-to-KC communication, this type of guessing should be avoided
> if a valid way exists.
In SAML messages are one-way. There is KC-to-SP communication and
SP-to-KC communication. What is this KC-to-KC communication you refer to?
--
John
More information about the keycloak-dev
mailing list