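To expand on Ronald's answer: the SAML module tries to use the JVM keystore, i.e. the file named by the javax.net.ssl.keyStore system property; when that property is not set, it creates a new, empty keystore instead. The CredentialRepository class from package saml20.implementation.security contains the following code: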
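/**
 * Loads the key store used by the SAML module.
 *
 * <p>If the {@code javax.net.ssl.keyStore} system property is set, the JKS file it names is
 * read from disk. Otherwise a new, empty JKS key store is initialised in memory.
 *
 * <p>The password is taken from the {@code jvmKeyStorePW} field when it is already set. If not,
 * it is read from {@code javax.net.ssl.keyStorePassword} (file case) or from
 * {@code Constants.getKeystorePassword()} (empty-store case) and stored in that field, so later
 * calls reuse it.
 *
 * @return the loaded (or newly initialised) key store
 * @throws KeyStoreException if no JKS provider is available, or if a key store file is
 *     configured but no password for it can be found
 * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
 * @throws CertificateException if a certificate in the store cannot be loaded
 * @throws FileNotFoundException if the configured key store file does not exist
 * @throws IOException if the file cannot be read or the password is wrong
 */
private static KeyStore loadJVMKeyStore() throws KeyStoreException,
        NoSuchAlgorithmException, CertificateException,
        FileNotFoundException, IOException {
    KeyStore keyStore = KeyStore.getInstance("JKS");
    String keyStoreResource = System.getProperty("javax.net.ssl.keyStore");
    if (keyStoreResource != null) {
        // applicable if certificates have been manually added to the server
        // (e.g. in the Mx modeler or in the cloud)
        File keyStoreFile = new File(keyStoreResource);
        if (jvmKeyStorePW == null) {
            jvmKeyStorePW = System.getProperty("javax.net.ssl.keyStorePassword");
        }
        if (jvmKeyStorePW == null) {
            // Fail with a diagnosable error instead of a NullPointerException. The password
            // itself is never put into the message.
            throw new KeyStoreException(
                    "javax.net.ssl.keyStore is set but no key store password is available"
                            + " (javax.net.ssl.keyStorePassword is not set)");
        }
        // try-with-resources: the stream is closed even when load() throws, so a wrong
        // password or corrupt file does not leak a file handle.
        try (FileInputStream keyStoreStream = new FileInputStream(keyStoreFile)) {
            keyStore.load(keyStoreStream, jvmKeyStorePW.toCharArray());
        }
    } else {
        // create a new store when no certificates have been manually added
        // to the server
        if (jvmKeyStorePW == null) {
            jvmKeyStorePW = saml20.proxies.constants.Constants.getKeystorePassword();
        }
        // NOTE(review): assumes getKeystorePassword() never returns null - confirm; a null
        // here still fails with a NullPointerException as before.
        keyStore.load(null, jvmKeyStorePW.toCharArray());
    }
    return keyStore;
}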