Does anybody know what type of <KeyInfo> does ADFS expect to find in field of a SAMLRequest message?

There are several options to choose from. I'm using Keycloak SAML library, which knows to send this field in <KeyValue> format only (which contains modulus & exponent of the RSA public key). Can ADFS digest this?



Answering my own question - apparently, the <KeyInfo> format doesn't matter. I got Keycloak working with ADFS, while using <KeyValue> format only. As I was told on keycloak-user mailing list, "ADFS should be able to determine the correct certificate for signature validation itself by iterating all available certificates."
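An added example (not part of the original post, and not ADFS or Keycloak code) of the verifier-side behaviour the answer describes: the `<KeyValue>` modulus and exponent are used only as a hint for choosing among keys already configured for the partner, and when no hint is present every configured key is tried. The key names, the toy moduli and the `make_signature` helper are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Assumed configuration: public keys (n, e) already trusted for this partner (toy values).
TRUSTED = {"sp-signing-2023": (3233, 17), "sp-signing-2024": (2773, 17)}

def b64_to_int(text):
    # ds:CryptoBinary is base64 of the big-endian unsigned integer; whitespace is allowed.
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")

def int_to_b64(n):
    return base64.b64encode(n.to_bytes((n.bit_length() + 7) // 8, "big")).decode()

def key_value_hint(signature_xml):
    """Return (modulus, exponent) from ds:KeyInfo/ds:KeyValue, or None if absent."""
    root = ET.fromstring(signature_xml)
    rsa = root.find(f".//{{{DS}}}KeyInfo/{{{DS}}}KeyValue/{{{DS}}}RSAKeyValue")
    if rsa is None:
        return None
    mod = rsa.findtext(f"{{{DS}}}Modulus")
    exp = rsa.findtext(f"{{{DS}}}Exponent")
    if mod is None or exp is None:
        return None
    return b64_to_int(mod), b64_to_int(exp)

def candidate_keys(signature_xml, trusted):
    """Names of configured keys to try when validating the signature."""
    hint = key_value_hint(signature_xml)
    if hint is None:
        return list(trusted)  # no KeyInfo hint: iterate every configured key
    # The embedded key is never trusted by itself; an unknown key yields [] (reject).
    return [name for name, key in trusted.items() if key == hint]

def make_signature(n=None, e=None):
    # Constructed sample: a ds:Signature reduced to its KeyInfo element.
    ki = ""
    if n is not None:
        ki = (f"<ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue>"
              f"<ds:Modulus>{int_to_b64(n)}</ds:Modulus>"
              f"<ds:Exponent>{int_to_b64(e)}</ds:Exponent>"
              f"</ds:RSAKeyValue></ds:KeyValue></ds:KeyInfo>")
    return f'<ds:Signature xmlns:ds="{DS}">{ki}</ds:Signature>'

if __name__ == "__main__":
    for sig in (make_signature(2773, 17), make_signature(), make_signature(3127, 17)):
        print(candidate_keys(sig, TRUSTED))
```

The signature itself must still be verified with each returned configured key; this block only covers key selection.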

Tags: saml adfs keycloak xml-signature
