we have configured a SAMS Identity Provider (IdP) and we would like to choose the key/certificate that is used to sign the messages. The idea is to use a different key than the one used by our keycloak to issue tokens.
Is this possible via configuration?
Is this possible in some way by extending the keycloak functionality using a SPI?
One way to tackle this problem at the moment would be to use different algorithms for the realm and the IdP
Any suggestions are appreciated,