Inbound-Saml module needs the private key to access the persistence API through UMA flow.
You can check the KID for RS256 Navigating to OpenId > Clients > Api RP, on the Signing / Encryption tabs there is a json showing the kid for the rs 256.
- Dump the private keys on screen (i.e.
openssl pkcs12 -info --nocerts -in /etc/certs/api-rp.pkcs12 -nodes); - Find the private key with
rs_256alg; - Take note of the
kid, needed to setup inbound-saml module; - Copy from
-----BEGIN PRIVATE KEY-----to-----END PRIVATE KEY-----and save it to a file (i.e.rs256pvk.pem).