Hi all: I found out the problem occurs in this file: org.apereo.cas.support.saml.web.idp.profile.builders.enc.BaseSamlObjectSigner, in the function [protected SignatureSigningConfiguration getSignatureSigningConfiguration()]
Instead of adding a *BasicX509Credential *to the credidential, a *BasicCredential *was added which change the keyinfo from showing: <ds:KeyInfo> <ds:X509Data><ds:X509Certificate>MIIDL..... TCC==</ds:X509Certificate></ds:X509Data></ds:KeyInfo> To <ds:KeyInfo> <ds:KeyValue><ds:RSAKeyValue><ds:Modulus>nv......==</ds:Modulus><ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue><ds11:DEREncodedKeyValue xmlns:ds11="http://www.w3.org/2009/xmldsig11# ">MII.......QAB</ds11:DEREncodedKeyValue></ds:KeyInfo> I think I would try to contribute to CAS so that in CAS 5.2.0-RC4 there is option to choice which Credential I want to export. -Andy On Tuesday, 19 September 2017 17:52:21 UTC+8, Andy Ng wrote: > > Hi all, > > Version: CAS 5.2.0-RC3 > Scope: SAML 2.0 > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------- > Problem: > I am connecting my SAML 2.0 sp using CAS 5.2.0-RC1 without problem, but > when I updated to CAS 5.2.0-RC3 it cannot connect. > > My research shows me that: > In CAS 5.2.0-RC1, the keyInfo in saml2p:Response will be like below: > > <ds:KeyInfo> > > <ds:X509Data> > > <ds:X509Certificate>MIIDL.....TCC==</ds:X509Certificate> > > </ds:X509Data> > > </ds:KeyInfo> > > However, in CAS 5.2.0-RC3, the keyInfo in saml2p:Response will be change > like these: > > <ds:KeyInfo> > > <ds:KeyValue> > > <ds:RSAKeyValue> > > <ds:Modulus>nv......==</ds:Modulus> > > <ds:Exponent>AQAB</ds:Exponent> > > </ds:RSAKeyValue> > > </ds:KeyValue> > > <ds11:DEREncodedKeyValue xmlns:ds11=" > http://www.w3.org/2009/xmldsig11#">MII.......QAB</ds11:DEREncodedKeyValue> > > </ds:KeyInfo> > > ---------------------------------------------------------------------------------------------------------------------------------------------------------------- > Would like to know if there is any configure to force the KeyInfo to show > X509Data, so my SAML 2.0 sp can read the KeyInfo, thanks! > > -Andy > > -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/10a0e513-8816-4717-9f40-02f730495b06%40apereo.org.