We have implemented MFA & SSO using AuthService of SAML 2.0 type which works well when checkbox "Disable request signing" is selected (i.e works with out certificate).
I tried with cert but getting the error "Unable to process the SAML WebSSO request : Unable to build SAML2 Logout Response Redirect URL : Key does not exist, Keystore Entry is not either PrivateKeyEntry or SecretKeyEntry".
The key store types are supports in Pega 8.2.1 are JKS, JWK, PKCS12, KEYTAB, KEY.
We are looking for following clarifications
# 1 - Would like to know if it (MFA AuthService - SAML 2.0) works for any of you with certificate. If so, please let us know the Key Store type used by you such as JKS or KEYTAB.
# 2 - Is above specified key store file must need to have private key of certificate inside
# 3 - Have you certificate type of CSR or Non CSR
FYI - SSL offload happnes for us at GTM / LTM level
Thanks in advance for support.
***Edited by Moderator Marissa to update platform capability tags****
#2: Yes. My personal favorite is http://keystore-explorer.org/downloads.html (free) so you do not have to be familiar with keytool commands - you essentially create keystore of jks type, and generate keypair (with private key). Once jks file is saved, load it to Pega. that should be it. In your case, both signing certificate and decryption certificate are Pega specific and you have total control.
#3: Not following here, btw, SSL is at lower level should not be relevant here.