[cas-user] Re: CAS 5.2.0-RC3 saml 2.0 response KeyInfo how to configure

Tue, 19 Sep 2017 23:37:39 -0700 

Hi all:

I found out the problem occurs in this file:
org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner, 
in the function [protected SignatureSigningConfiguration 
getSignatureSigningConfiguration()]

Instead of adding a *BasicX509Credential *to the credidential, a 
*BasicCredential 
*was added 


which change the keyinfo from showing:

        <ds:KeyInfo> <ds:X509Data><ds:X509Certificate>MIIDL.....
TCC==</ds:X509Certificate></ds:X509Data></ds:KeyInfo>


To 

        <ds:KeyInfo> 
<ds:KeyValue><ds:RSAKeyValue><ds:Modulus>nv......==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds11:DEREncodedKeyValue
 
xmlns:ds11="http://www.w3.org/2009/xmldsig11#
">MII.......QAB</ds11:DEREncodedKeyValue></ds:KeyInfo>

I think I would try to contribute to CAS so that in CAS 5.2.0-RC4 there is 
option to choice which Credential I want to export.
-Andy

On Tuesday, 19 September 2017 17:52:21 UTC+8, Andy Ng wrote:
>
> Hi all,
>
> Version: CAS 5.2.0-RC3
> Scope: SAML 2.0
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
> Problem: 
> I am connecting my SAML 2.0 sp using CAS 5.2.0-RC1 without problem, but 
> when I updated to CAS 5.2.0-RC3 it cannot connect.
>
> My research shows me that:
> In CAS 5.2.0-RC1, the keyInfo in saml2p:Response will be like below:
>
>         <ds:KeyInfo>
>
>             <ds:X509Data>
>
>                 <ds:X509Certificate>MIIDL.....TCC==</ds:X509Certificate>
>
>             </ds:X509Data>
>
>         </ds:KeyInfo>
>
> However, in CAS 5.2.0-RC3, the keyInfo in saml2p:Response will be change 
> like these:
>
>         <ds:KeyInfo>
>
>             <ds:KeyValue>
>
>                 <ds:RSAKeyValue>
>
>                     <ds:Modulus>nv......==</ds:Modulus>
>
>                     <ds:Exponent>AQAB</ds:Exponent>
>
>                 </ds:RSAKeyValue>
>
>             </ds:KeyValue>
>
>             <ds11:DEREncodedKeyValue xmlns:ds11="
> http://www.w3.org/2009/xmldsig11#";>MII.......QAB</ds11:DEREncodedKeyValue>
>
>         </ds:KeyInfo>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
> Would like to know if there is any configure to force the KeyInfo to show 
> X509Data, so my SAML 2.0 sp can read the KeyInfo, thanks!
>
> -Andy
>
>

-- 
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
--- 
You received this message because you are subscribed to the Google Groups "CAS 
Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cas-user+unsubscr...@apereo.org.
To view this discussion on the web visit 
https://groups.google.com/a/apereo.org/d/msgid/cas-user/10a0e513-8816-4717-9f40-02f730495b06%40apereo.org.

Reply via email to