PicketLink / PLINK-80

SP KeyProvider required config


    • Type: Feature Request
    • Resolution: Done
    • Priority: Minor
    • PLINK_2.7.0.Beta2
    • PLINK_2.7.0.Beta1
    • SAML
    • None

      When utilizing a KeyProvider for an SP only, the org.picketlink.identity.federation.core.impl.KeyStoreKeyManager.setAuthProperties() method is called. This method throws an exception if a SigningKeyPass isn't specified in the config.
      Why is this required if you aren't using the SAML2SignatureGenerationHandler?
      I only want to validate the returned IDP signature using the SAML2SignatureValidationHandler, so all I should need is the KeyStoreURL, KeyStorePass and the ValidatingAlias.
      Investigate whether or not the "SigningKeyPass" Auth param should be required if only using signature validation and not generation.

            psilva@redhat.com Pedro Igor Craveiro
            blawrence_jira Bobby Lawrence (Inactive)