How to store IDP SAML2 metadata in database when using CAS (Central Authentication Server) as IDP


We are using CAS as IDP and using it for SAML2 authentication. We are currently using the file system to store IDP SAML2 metadata. For security reasons we want to store it in a database. We only want to store the IDP metadata in the database, not the service provider metadata.

We are already following the recommendation by CAS mentioned at this link: https://apereo.github.io/cas/6.5.x/installation/Configuring-SAML2-DynamicMetadata-JPA.html

As suggested, we have created a table named IDP_METADATA and put all the relevant information (encryption key, signing key, encryption certificate, signing certificate and the IDP metadata XML) in the table.

As recommended by CAS, we have already added the following to cas.properties:

    cas.authn.saml-idp.metadata.jpa.driver-class=com.microsoft.sqlserver.jdbc.SQLServerDriver
    cas.authn.saml-idp.metadata.jpa.user=user
    cas.authn.saml-idp.metadata.jpa.password=password
    cas.authn.saml-idp.metadata.jpa.url=jdbc:sqlserver://dbname;databaseName=CASDB;encrypt=true;trustServerCertificate=true;
    cas.authn.saml-idp.metadata.jpa.crypto.enabled=false
    cas.authn.saml-idp.metadata.jpa.ddl-auto=none

and we have also commented out this line:

    #cas.authn.saml-idp.metadata.file-system.location=file:C:/etc/cas/config/saml

When we start CAS, it is not using this information. Instead, it is generating new metadata, which is what we don't want.

We are not sure if we are missing something. Could anyone help with this?
