Added documentation for encryption

cloudtrust · Jun 13, 2018 · deeeb76 · deeeb76
1 parent 9279813
commit deeeb76
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -100,6 +100,12 @@ The last set of options concern the URIs of the client. The values **Root URL**,
 URL** are the same as those described in the 
 [Keycloak documentation for SAML clients](https://www.keycloak.org/docs/latest/server_admin/index.html#saml-clients).
 
+##### SAML Keys tab
+
+This tab is only available if the **Encrypt Assertions** setting was enabled in the Settings tab. As with the SAML
+client, it is possible to generate and export a keypair, or to import a certificate from a JKS file, PKSC12 file or a 
+PEM certificate file. However, the imported certificate MUST be RSA, or there will be an error during runtime.
+
 ##### Mappers tab
 
 Mappers are generally handled in the same way as described as described in the 

diff --git a/.../java/com/quest/keycloak/protocol/wsfed/builders/RequestSecurityTokenResponseBuilder.java b/.../java/com/quest/keycloak/protocol/wsfed/builders/RequestSecurityTokenResponseBuilder.java
@@ -345,6 +345,14 @@ public static String getStringValue(RequestSecurityTokenResponse response) throw
         return new String(bos.toByteArray());
     }
 
+    /**
+     * Encrypts a SAML assertion. All XML passed in the samlDocument parameter will be encrypted, and the keyinfo is
+     * added to the resulting document.
+     *
+     * @param samlDocument The SAML assertion to encrypt
+     * @return an encrypted document
+     * @throws ProcessingException
+     */
     public Document encryptDocument(Document samlDocument) throws ProcessingException {
         try {
             byte[] secret = RandomSecret.createRandomSecret(encryptionKeySize / 8);