Have a question. We are thinking of using this technology. We are a large security-centric organization. How does JOSSO manage all the keys that are part of a standard SAML hub-and-spoke implementation? All the SAML Assertions need to be signed when the SAML POST binding is used. Is a single key used to sign all these assertions by the identity provider? Where is it stored?
Thanks