When configuring the service provider I want to provide my own jks keystore. But it looks like the key pair password of the private key (where alias = entity id) has to be the same as the keystore password. If I choose some different key pair password for my private key I get an error after uploading and saving the SP configuration in the application : Er is een fout opgetreden tijdens het bijwerken van de configuratie: Unable to load the private key from the key store. If you have just added your own key store make sure the key store password is equal to the password configured in the model and add your key store again. When I set the password of the private key equally to the password of the keystore, I can upload and save it without error. Is this how it is expected?