Hello,
I was hoping someone could explain to me what the functionality of the Keystore file is? I understand that when setting up a connection, the metadata file needs to be delivered to the ADFS setup. But what is the keystore file used for? We have been experiencing issues with the connection and seem to be experiencing unknown issues. I imagine that understanding these files better may help solve the problem.
Hi @Mbh ,
From an OutSystems point of view, the metadata and the keystore have different roles.
The metadata file is what you give to ADFS. It basically tells ADFS how OutSystems is configured for SAML (endpoints, entity ID, bindings, and the public certificate that ADFS should trust).
The keystore file stays on the OutSystems side. It contains the certificate and its private key, which OutSystems uses to sign SAML requests (and decrypt assertions if encryption is enabled). So it’s more about how OutSystems proves its identity during the SAML exchange.
In simple terms:
Metadata = what ADFS needs to know about OutSystems
Keystore = OutSystems’ “private identity” used to secure the communication
If you’re seeing connection issues, the keystore is often part of the problem — for example if the certificate expired, the keystore doesn’t match the metadata that was imported into ADFS, or the keystore was changed but the metadata wasn’t updated on the ADFS side.
Hope this helps.
regards,
Manish Jawla
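Added example, not part of the original answer and not OutSystems code: one way to check the "keystore doesn't match the metadata" case described above is to compare the SHA-256 fingerprint of the certificate in the keystore with the certificate embedded in the SAML metadata that was given to ADFS. It assumes the keystore certificate has already been exported in PEM form; the function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def fingerprint(b64_text):
    """SHA-256 of the DER bytes; whitespace and line wrapping are ignored."""
    der = base64.b64decode("".join(b64_text.split()))
    return hashlib.sha256(der).hexdigest()

def pem_fingerprint(pem_text):
    """Fingerprint of the first CERTIFICATE block in a PEM export of the keystore."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if m is None:
        raise ValueError("no certificate block found in PEM input")
    return fingerprint(m.group(1))

def metadata_fingerprints(metadata_xml):
    """Map each KeyDescriptor use (signing, encryption or 'any') to its cert fingerprints."""
    found = {}
    for kd in ET.fromstring(metadata_xml).iterfind(".//md:KeyDescriptor", NS):
        use = kd.get("use", "any")  # a KeyDescriptor without 'use' covers both purposes
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            found.setdefault(use, set()).add(fingerprint(cert.text or ""))
    return found

def mismatched_uses(metadata_xml, keystore_pem):
    """Return the KeyDescriptor uses whose certificate differs from the keystore's."""
    ks = pem_fingerprint(keystore_pem)
    return sorted(u for u, fps in metadata_fingerprints(metadata_xml).items() if ks not in fps)

# Constructed sample: placeholder bytes stand in for real DER certificates.
OLD = base64.b64encode(b"constructed-cert-old").decode()
NEW = base64.b64encode(b"constructed-cert-new").decode()
METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://sp.example.test">
<md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{OLD}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
</md:SPSSODescriptor></md:EntityDescriptor>"""

def pem(b64):
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print("keystore replaced, metadata stale:", mismatched_uses(METADATA, pem(NEW)))
```

An empty result means the metadata still advertises the keystore's certificate; a non-empty one lists the uses for which the metadata should be regenerated and re-imported on the ADFS side.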
Thanks Manish, that was very informative