Manager option for multiple saml keys in metadata (#3374)

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/DefaultValues.pm

@@ -374,6 +374,8 @@ sub defaultValues {
         'samlOrganizationURL'        => 'http://www.example.com',
         'samlOverrideIDPEntityID'    => '',
         'samlRelayStateTimeout'      => 600,
+        'samlServiceEncryptionKey'   => 'default-saml-enc',
+        'samlServiceSignatureKey'    => 'default-saml-sig',
         'samlServiceSignatureMethod' => 'RSA_SHA256',
         'samlSPSSODescriptorArtifactResolutionServiceArtifact' =>
 '1;0;urn:oasis:names:tc:SAML:2.0:bindings:SOAP;#PORTAL#/saml/artifact',

lemonldap-ng-common/lib/Lemonldap/NG/Common/Conf/ReConstants.pm

@@ -72,7 +72,7 @@ our $issuerParameters = {
   issuerDBSAML => [qw(issuerDBSAMLActivation issuerDBSAMLPath issuerDBSAMLRule)],
   issuerOptions => [qw(issuersTimeout)],
 };
-our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceUseCertificateInResponse samlServiceSignatureMethod samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapKerberos samlAuthnContextMapTLSClient samlAuthnContextMapExtra samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlFederationFiles samlStorage samlStorageOptions)];
+our $samlServiceParameters = [qw(samlEntityID samlServicePrivateKeySig samlServicePrivateKeySigPwd samlServicePublicKeySig samlServicePrivateKeyEnc samlServicePrivateKeyEncPwd samlServicePublicKeyEnc samlServiceSignatureMethod samlServiceUseCertificateInResponse samlServiceSignatureKey samlServiceEncryptionKey samlNameIDFormatMapEmail samlNameIDFormatMapX509 samlNameIDFormatMapWindows samlNameIDFormatMapKerberos samlAuthnContextMapPassword samlAuthnContextMapPasswordProtectedTransport samlAuthnContextMapKerberos samlAuthnContextMapTLSClient samlAuthnContextMapExtra samlOrganizationDisplayName samlOrganizationName samlOrganizationURL samlSPSSODescriptorAuthnRequestsSigned samlSPSSODescriptorWantAssertionsSigned samlSPSSODescriptorSingleLogoutServiceHTTPRedirect samlSPSSODescriptorSingleLogoutServiceHTTPPost samlSPSSODescriptorSingleLogoutServiceSOAP samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact samlSPSSODescriptorAssertionConsumerServiceHTTPPost samlSPSSODescriptorArtifactResolutionServiceArtifact samlIDPSSODescriptorWantAuthnRequestsSigned samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect samlIDPSSODescriptorSingleSignOnServiceHTTPPost samlIDPSSODescriptorSingleSignOnServiceHTTPArtifact samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect samlIDPSSODescriptorSingleLogoutServiceHTTPPost samlIDPSSODescriptorSingleLogoutServiceSOAP samlIDPSSODescriptorArtifactResolutionServiceArtifact samlAttributeAuthorityDescriptorAttributeServiceSOAP samlMetadataForceUTF8 samlRelayStateTimeout samlUseQueryStringSpecific samlOverrideIDPEntityID samlCommonDomainCookieActivation samlCommonDomainCookieDomain samlCommonDomainCookieReader samlCommonDomainCookieWriter samlDiscoveryProtocolActivation samlDiscoveryProtocolURL samlDiscoveryProtocolPolicy samlDiscoveryProtocolIsPassive samlFederationFiles samlStorage samlStorageOptions)];
 our $oidcServiceParameters = [qw(oidcServiceMetaDataIssuer oidcServiceMetaDataAuthorizeURI oidcServiceMetaDataTokenURI oidcServiceMetaDataUserInfoURI oidcServiceMetaDataJWKSURI oidcServiceMetaDataRegistrationURI oidcServiceMetaDataIntrospectionURI oidcServiceMetaDataRevokeURI oidcServiceMetaDataEndSessionURI oidcServiceMetaDataCheckSessionURI oidcServiceMetaDataFrontChannelURI oidcServiceMetaDataBackChannelURI oidcServiceMetaDataRpLogoutReturnURI oidcServiceMetaDataAuthnContext oidcServiceMetaDataAmrRules oidcServiceAllowDynamicRegistration oidcServiceDynamicRegistrationExportedVars oidcServiceDynamicRegistrationExtraClaims oidcServicePrivateKeySig oidcServicePublicKeySig oidcServiceKeyIdSig oidcServiceKeyTypeSig oidcServiceOldPrivateKeySig oidcServiceOldPublicKeySig oidcServiceOldKeyIdSig oidcServiceOldKeyTypeSig oidcServiceNewPrivateKeySig oidcServiceNewPublicKeySig oidcServiceNewKeyIdSig oidcServiceNewKeyTypeSig oidcServicePrivateKeyEnc oidcServicePublicKeyEnc oidcServiceKeyIdEnc oidcServiceKeyTypeEnc oidcServiceOldPrivateKeyEnc oidcServiceOldPublicKeyEnc oidcServiceOldKeyIdEnc oidcServiceOldKeyTypeEnc oidcServiceAllowAuthorizationCodeFlow oidcServiceAllowImplicitFlow oidcServiceAllowHybridFlow oidcServiceIgnoreScopeForClaims oidcServiceAllowOnlyDeclaredScopes oidcDropCspHeaders oidcServiceEncAlgorithmAlg oidcServiceEncAlgorithmEnc oidcServiceHideMetadata oidcServiceMetaDataDisallowNoneAlg oidcServiceAuthorizationCodeExpiration oidcServiceIDTokenExpiration oidcServiceAccessTokenExpiration oidcServiceOfflineSessionExpiration oidcServiceMetadataTtl oidcStorage oidcStorageOptions)];
 
 1;

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Attributes.pm

@@ -4935,6 +4935,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'default' => 600,
             'type'    => 'int'
         },
+        'samlServiceEncryptionKey' => {
+            'default' => 'default-saml-enc',
+            'type'    => 'text'
+        },
         'samlServicePrivateKeyEnc' => {
             'default' => '',
             'type'    => 'RSAPrivateKey'
@@ -4958,6 +4962,10 @@ qr/(?:(?:https?):\/\/(?:(?:(?:(?:(?:(?:[a-zA-Z0-9][-a-zA-Z0-9]*)?[a-zA-Z0-9])[.]
             'default' => '',
             'type'    => 'RSAPublicKeyOrCertificate'
         },
+        'samlServiceSignatureKey' => {
+            'default' => 'default-saml-sig',
+            'type'    => 'text'
+        },
         'samlServiceSignatureMethod' => {
             'default' => 'RSA_SHA256',
             'select'  => [ {

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Attributes.pm

@@ -3339,6 +3339,16 @@ sub attributes {
             ],
             default => 'RSA_SHA256',
         },
+        samlServiceSignatureKey => {
+            type   => 'text',
+            default => 'default-saml-sig',
+            documentation => 'Key to use for SAML signature',
+        },
+        samlServiceEncryptionKey => {
+            type   => 'text',
+            default => 'default-saml-enc',
+            documentation => 'Key to use for SAML encryption',
+        },
         samlServiceUseCertificateInResponse => {
             type          => 'bool',
             default       => 0,

lemonldap-ng-manager/lib/Lemonldap/NG/Manager/Build/Tree.pm

@@ -1388,8 +1388,10 @@ sub tree {
                                 'samlServicePublicKeyEnc'
                             ]
                         },
+                        'samlServiceSignatureMethod',
                         'samlServiceUseCertificateInResponse',
-                        'samlServiceSignatureMethod'
+                        'samlServiceSignatureKey',
+                        'samlServiceEncryptionKey',
                     ]
                 },
                 {

lemonldap-ng-manager/site/htdocs/static/languages/ar.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"إعادة توجيه إتش تي تي بي",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"أريد التأكيدات الموقعة",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"خدمة 2 SAML",
 "samlServiceMetaDataSessions":"الجلسات",
 "samlServicePrivateKeyEnc":"المفتاح الخاص",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"معاييرالحماية",
 "samlServiceSecurityEnc":"التشفير",
 "samlServiceSecuritySig":"توقيع",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Signature method",
 "samlServiceUseCertificateInResponse":"استخدم الشهادة الرقمية في الردود",
 "samlStorage":"اسم وحدة الجلسات SAML",

lemonldap-ng-manager/site/htdocs/static/languages/en.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Redirect",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Want Assertions Signed",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"SAML2 Service",
 "samlServiceMetaDataSessions":"Sessions",
 "samlServicePrivateKeyEnc":"Private key",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Security parameters",
 "samlServiceSecurityEnc":"Encryption",
 "samlServiceSecuritySig":"Signature",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Signature method",
 "samlServiceUseCertificateInResponse":"Use certificate in responses",
 "samlStorage":"SAML sessions module name",

lemonldap-ng-manager/site/htdocs/static/languages/es.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Redirect",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Want Assertions Signed",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"SAML2 Service",
 "samlServiceMetaDataSessions":"Sesiones",
 "samlServicePrivateKeyEnc":"Clave privada",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Security parameters",
 "samlServiceSecurityEnc":"Encryption",
 "samlServiceSecuritySig":"Signature",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Signature method",
 "samlServiceUseCertificateInResponse":"Use certificate in responses",
 "samlStorage":"SAML sessions module name",

lemonldap-ng-manager/site/htdocs/static/languages/fr.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"Redirection HTTP",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Exiger des assertions signées",
+"samlServiceEncryptionKey":"Nom de la clé de chiffrement",
 "samlServiceMetaData":"Service SAML 2",
 "samlServiceMetaDataSessions":"Sessions",
 "samlServicePrivateKeyEnc":"Clef privée",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Paramètres de sécurité",
 "samlServiceSecurityEnc":"Chiffrement",
 "samlServiceSecuritySig":"Signature",
+"samlServiceSignatureKey":"Nom de la clé de signature",
 "samlServiceSignatureMethod":"Méthode pour la signature",
 "samlServiceUseCertificateInResponse":"Utilisation du certificat dans les réponses",
 "samlStorage":"Nom du module des sessions SAML",

lemonldap-ng-manager/site/htdocs/static/languages/he.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"הפניית HTTP",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Want Assertions Signed",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"שירות SAML2",
 "samlServiceMetaDataSessions":"הפעלות",
 "samlServicePrivateKeyEnc":"מפתח אישי",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"משתני אבטחה",
 "samlServiceSecurityEnc":"הצפנה",
 "samlServiceSecuritySig":"חתימה",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Signature method",
 "samlServiceUseCertificateInResponse":"Use certificate in responses",
 "samlStorage":"SAML sessions module name",

lemonldap-ng-manager/site/htdocs/static/languages/it.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Redirect",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Si desiderano assertazioni firmate",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"Servizio SAML 2",
 "samlServiceMetaDataSessions":"Sessioni",
 "samlServicePrivateKeyEnc":"Chiave privata",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Parametri di sicurezza",
 "samlServiceSecurityEnc":"Crittografia",
 "samlServiceSecuritySig":"Firma",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Metodo di firma",
 "samlServiceUseCertificateInResponse":"Utilizza il certificato nelle risposte",
 "samlStorage":"Nome del modulo di sessioni SAML",

lemonldap-ng-manager/site/htdocs/static/languages/pl.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"Przekierowanie HTTP",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Chcę podpisać asercje",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"Usługa SAML2",
 "samlServiceMetaDataSessions":"Sesje",
 "samlServicePrivateKeyEnc":"Prywatny klucz",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Parametry zabezpieczeń",
 "samlServiceSecurityEnc":"Szyfrowanie",
 "samlServiceSecuritySig":"Podpis",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Metoda podpisu",
 "samlServiceUseCertificateInResponse":"Użyj certyfikatu w odpowiedziach",
 "samlStorage":"Nazwa modułu sesji SAML",

lemonldap-ng-manager/site/htdocs/static/languages/pt.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Redirect",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Quer Asserções assinadas",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"Serviço SAML2",
 "samlServiceMetaDataSessions":"Sessões",
 "samlServicePrivateKeyEnc":"Chave privada",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Parâmetros de Segurança",
 "samlServiceSecurityEnc":"Criptografia",
 "samlServiceSecuritySig":"Assinatura",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Método de assinatura",
 "samlServiceUseCertificateInResponse":"Usar certificados em respostas",
 "samlStorage":"Nome do módulo de sessões SAML",

lemonldap-ng-manager/site/htdocs/static/languages/pt_BR.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Redirect",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Quer Asserções assinadas",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"Serviço SAML2",
 "samlServiceMetaDataSessions":"Sessões",
 "samlServicePrivateKeyEnc":"Chave privada",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Parâmetros de Segurança",
 "samlServiceSecurityEnc":"Criptografia",
 "samlServiceSecuritySig":"Assinatura",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Método de assinatura",
 "samlServiceUseCertificateInResponse":"Usar certificados em respostas",
 "samlStorage":"Nome do módulo de sessões SAML",

lemonldap-ng-manager/site/htdocs/static/languages/ru.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Redirect",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Хочу, чтобы утверждения были подписаны",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"Служба SAML2",
 "samlServiceMetaDataSessions":"Сеансы",
 "samlServicePrivateKeyEnc":"Закрытый ключ",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Параметры безопасности",
 "samlServiceSecurityEnc":"Шифрование",
 "samlServiceSecuritySig":"Подпись",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"Метод подписи",
 "samlServiceUseCertificateInResponse":"Использовать сертификат в ответах",
 "samlStorage":"Имя модуля сеансов SAML",

lemonldap-ng-manager/site/htdocs/static/languages/tr.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP Yönlendirmesi",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Onaylamanın İmzalanmasını İste",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"SAML2 Servisi",
 "samlServiceMetaDataSessions":"Oturumlar",
 "samlServicePrivateKeyEnc":"Özel anahtar",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Güvenlik parametreleri",
 "samlServiceSecurityEnc":"Şifreleme",
 "samlServiceSecuritySig":"İmza",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"İmzalama yöntemi",
 "samlServiceUseCertificateInResponse":"Yanıtlarda sertifika kullan",
 "samlStorage":"SAML oturumlar modülü adı",

lemonldap-ng-manager/site/htdocs/static/languages/vi.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"Chuyển hướng HTTP",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"Muốn khẳng định đã ký",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"Dịch vụ SAML 2",
 "samlServiceMetaDataSessions":"Phiên",
 "samlServicePrivateKeyEnc":"Khóa cá nhân",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"Tham số bảo mật",
 "samlServiceSecurityEnc":"Mã hóa",
 "samlServiceSecuritySig":"Chữ ký",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"phương thức chữ ký",
 "samlServiceUseCertificateInResponse":"Sử dụng chứng chỉ trong hồi đáp",
 "samlStorage":"tên mô-đun phiên SAML",

lemonldap-ng-manager/site/htdocs/static/languages/zh.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP 重新導向",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"想要聲明簽署",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"SAML2 服務",
 "samlServiceMetaDataSessions":"工作階段",
 "samlServicePrivateKeyEnc":"私鑰",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"安全參數",
 "samlServiceSecurityEnc":"加密",
 "samlServiceSecuritySig":"簽章",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"簽章方法",
 "samlServiceUseCertificateInResponse":"在回應中使用憑證",
 "samlStorage":"SAML 工作階段模組名稱",

lemonldap-ng-manager/site/htdocs/static/languages/zh_TW.json

@@ -1240,6 +1240,7 @@
 "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect":"HTTP 重新導向",
 "samlSPSSODescriptorSingleLogoutServiceSOAP":"SOAP",
 "samlSPSSODescriptorWantAssertionsSigned":"想要聲明簽署",
+"samlServiceEncryptionKey":"Encryption key name",
 "samlServiceMetaData":"SAML2 服務",
 "samlServiceMetaDataSessions":"工作階段",
 "samlServicePrivateKeyEnc":"私鑰",
@@ -1251,6 +1252,7 @@
 "samlServiceSecurity":"安全參數",
 "samlServiceSecurityEnc":"加密",
 "samlServiceSecuritySig":"簽章",
+"samlServiceSignatureKey":"Signing key name",
 "samlServiceSignatureMethod":"簽章方法",
 "samlServiceUseCertificateInResponse":"在回應中使用憑證",
 "samlStorage":"SAML 工作階段模組名稱",