What kind of KeyInfo does Microsoft ADFS expect to get?

Question:

Does anybody know what type of <KeyInfo> ADFS expects to find in field of a SAMLRequest message?

There are several options to choose from. I'm using the Keycloak SAML library, which knows how to send this field in <KeyValue> format only (which contains the modulus & exponent of the RSA public key). Can ADFS digest this?

<ds:KeyInfo>
    <ds:KeyValue>
        <ds:RSAKeyValue>
            <ds:Modulus>tfJ29N0G1...</ds:Modulus> 
            <ds:Exponent>AQAB</ds:Exponent>
        </ds:RSAKeyValue>
    </ds:KeyValue>
</ds:KeyInfo>

Answer 1:


Answering my own question - apparently, the <KeyInfo> format doesn't matter. I got Keycloak working with ADFS while using the <KeyValue> format only. As I was told on the keycloak-user mailing list, "ADFS should be able to determine the correct certificate for signature validation itself by iterating all available certificates."
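
The idea in the quoted mailing-list reply, sketched as an added example (not code from the post, Keycloak or ADFS): a receiver treats <KeyInfo> only as a hint and picks validation keys from the set it already trusts. The names TRUSTED, make_keyinfo and candidate_keys, and the key values, are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET  # stdlib keeps this self-contained; use a hardened parser for untrusted XML

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def b64_to_int(text):
    """Decode a ds:CryptoBinary value (base64, big-endian) to an integer."""
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")

def int_to_b64(n):
    """Encode an integer the way ds:Modulus / ds:Exponent carry it."""
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def rsa_key_from_keyinfo(keyinfo_xml):
    """Return (modulus, exponent) from a <ds:KeyInfo>, or None if it has no RSAKeyValue."""
    rsa = ET.fromstring(keyinfo_xml).find(f"{DS}KeyValue/{DS}RSAKeyValue")
    if rsa is None:
        return None
    mod, exp = rsa.findtext(f"{DS}Modulus"), rsa.findtext(f"{DS}Exponent")
    if not mod or not exp:
        return None
    return b64_to_int(mod), b64_to_int(exp)

def candidate_keys(keyinfo_xml, trusted):
    """Names of trusted keys to try when validating the signature.

    trusted maps a name to (modulus, exponent) configured out of band.
    The embedded key never becomes trusted by itself; it only narrows the search.
    """
    hint = rsa_key_from_keyinfo(keyinfo_xml) if keyinfo_xml else None
    if hint is None:
        return list(trusted)  # no usable hint: iterate every configured key
    return [name for name, key in trusted.items() if key == hint]

# Constructed sample values (not real RSA keys): two keys configured for one sender.
TRUSTED = {"sp-signing-2023": ((1 << 2047) + 0x1234567, 65537),
           "sp-signing-2024": ((1 << 2047) + 0x7654321, 65537)}

def make_keyinfo(modulus, exponent):
    """Build a <ds:KeyInfo> in the KeyValue form shown in the question."""
    return ('<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            "<ds:KeyValue><ds:RSAKeyValue>"
            f"<ds:Modulus>{int_to_b64(modulus)}</ds:Modulus>"
            f"<ds:Exponent>{int_to_b64(exponent)}</ds:Exponent>"
            "</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>")

if __name__ == "__main__":
    print(candidate_keys(make_keyinfo(*TRUSTED["sp-signing-2024"]), TRUSTED))
```

An empty result means the message names a key the receiver was never given, so validation should fail rather than fall back to the embedded key.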

Tags: saml adfs keycloak xml-signature