Hi all:

I found out the problem occurs in this file:
org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner,
in the function [protected SignatureSigningConfiguration
getSignatureSigningConfiguration()]

Instead of adding a *BasicX509Credential* to the credential, a
*BasicCredential* was added,

which changes the KeyInfo from showing:

        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDL.....TCC==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>


To 

        <ds:KeyInfo>
            <ds:KeyValue>
                <ds:RSAKeyValue>
                    <ds:Modulus>nv......==</ds:Modulus>
                    <ds:Exponent>AQAB</ds:Exponent>
                </ds:RSAKeyValue>
            </ds:KeyValue>
            <ds11:DEREncodedKeyValue xmlns:ds11="http://www.w3.org/2009/xmldsig11#">MII.......QAB</ds11:DEREncodedKeyValue>
        </ds:KeyInfo>

I think I would try to contribute to CAS so that in CAS 5.2.0-RC4 there is
an option to choose which Credential I want to export.
-Andy

On Tuesday, 19 September 2017 17:52:21 UTC+8, Andy Ng wrote:
>
> Hi all,
>
> Version: CAS 5.2.0-RC3
> Scope: SAML 2.0
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
> Problem: 
> I am connecting my SAML 2.0 sp using CAS 5.2.0-RC1 without problem, but 
> when I updated to CAS 5.2.0-RC3 it cannot connect.
>
> My research shows me that:
> In CAS 5.2.0-RC1, the keyInfo in saml2p:Response will be like below:
>
>         <ds:KeyInfo>
>
>             <ds:X509Data>
>
>                 <ds:X509Certificate>MIIDL.....TCC==</ds:X509Certificate>
>
>             </ds:X509Data>
>
>         </ds:KeyInfo>
>
> However, in CAS 5.2.0-RC3, the keyInfo in saml2p:Response will be changed
> like this:
>
>         <ds:KeyInfo>
>
>             <ds:KeyValue>
>
>                 <ds:RSAKeyValue>
>
>                     <ds:Modulus>nv......==</ds:Modulus>
>
>                     <ds:Exponent>AQAB</ds:Exponent>
>
>                 </ds:RSAKeyValue>
>
>             </ds:KeyValue>
>
>             <ds11:DEREncodedKeyValue xmlns:ds11="http://www.w3.org/2009/xmldsig11#">MII.......QAB</ds11:DEREncodedKeyValue>
>
>         </ds:KeyInfo>
>
> ----------------------------------------------------------------------------------------------------------------------------------------------------------------
> Would like to know if there is any configuration to force the KeyInfo to show
> X509Data, so my SAML 2.0 sp can read the KeyInfo, thanks!
>
> -Andy
>
>
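
A diagnostic for the KeyInfo difference described in this thread, added here as an example (not code from the CAS project or from the poster): it reports which key hints each ds:KeyInfo carries, so the RC1-style and RC3-style output can be told apart when an SP stops accepting responses. The function names and the sample values are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
DS11 = "http://www.w3.org/2009/xmldsig11#"
NS = {"ds": DS, "ds11": DS11}

def b64_int(text):
    """Decode a ds:CryptoBinary value (base64, big-endian) to an int."""
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")

def describe_keyinfo(xml_text):
    """Return one dict per ds:KeyInfo listing the key hints it carries."""
    reports = []
    for ki in ET.fromstring(xml_text).iter(f"{{{DS}}}KeyInfo"):
        certs = ki.findall("ds:X509Data/ds:X509Certificate", NS)
        rsa = ki.find("ds:KeyValue/ds:RSAKeyValue", NS)
        report = {
            "x509_certificates": len(certs),
            "der_encoded_key": ki.find("ds11:DEREncodedKeyValue", NS) is not None,
            "rsa_bits": None,
            "rsa_exponent": None,
            # An SP that only reads X509Data finds no key hint without a certificate.
            "usable_by_x509_only_sp": len(certs) > 0,
        }
        if rsa is not None:
            modulus = b64_int(rsa.findtext("ds:Modulus", "", NS))
            report["rsa_bits"] = modulus.bit_length()
            report["rsa_exponent"] = b64_int(rsa.findtext("ds:Exponent", "", NS))
        reports.append(report)
    return reports

# Constructed sample values: not a real key or certificate.
_PLACEHOLDER = "Q09OU1RSVUNURUQ="
_MODULUS = base64.b64encode(((1 << 2047) | 1).to_bytes(256, "big")).decode()
RC1_STYLE = (
    f'<ds:KeyInfo xmlns:ds="{DS}"><ds:X509Data><ds:X509Certificate>{_PLACEHOLDER}'
    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
)
RC3_STYLE = (
    f'<ds:KeyInfo xmlns:ds="{DS}"><ds:KeyValue><ds:RSAKeyValue>'
    f"<ds:Modulus>{_MODULUS}</ds:Modulus><ds:Exponent>AQAB</ds:Exponent>"
    f'</ds:RSAKeyValue></ds:KeyValue><ds11:DEREncodedKeyValue xmlns:ds11="{DS11}">'
    f"{_PLACEHOLDER}</ds11:DEREncodedKeyValue></ds:KeyInfo>"
)

if __name__ == "__main__":
    for name, sample in (("RC1-style", RC1_STYLE), ("RC3-style", RC3_STYLE)):
        print(name, describe_keyinfo(sample))
```

KeyInfo is only a hint about which key signed the message; the SP's trust decision should rest on the certificate pinned from the IdP metadata it was configured with.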
