Does anybody know what type of <KeyInfo> does ADFS expect to find in field of a
There are several options to choose from. I'm using the Keycloak SAML library, which knows how to send this field in <KeyValue> format only (which contains the modulus & exponent of the RSA public key). Can ADFS digest this?
<ds:KeyInfo>
  <ds:KeyValue>
    <ds:RSAKeyValue>
      <ds:Modulus>tfJ29N0G1...</ds:Modulus>
      <ds:Exponent>AQAB</ds:Exponent>
    </ds:RSAKeyValue>
  </ds:KeyValue>
</ds:KeyInfo>
Answering my own question - apparently, the <KeyInfo> format doesn't matter.
I got Keycloak working with ADFS, while using <KeyValue> format only.
As I was told on keycloak-user mailing list, "ADFS should be able to determine the correct certificate for signature validation itself by iterating all
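What a <KeyValue>-only KeyInfo gives a verifier to work with, as an added example that is not part of the original post and not Keycloak's or ADFS's code: it decodes the RSAKeyValue and uses it only as a hint to pick one of the keys already configured as trusted. The function names, key names and toy key values are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

def b64_to_int(text):
    # ds:CryptoBinary: base64 of a big-endian unsigned integer
    return int.from_bytes(base64.b64decode("".join(text.split())), "big")

def int_to_b64(value):
    return base64.b64encode(value.to_bytes((value.bit_length() + 7) // 8, "big")).decode()

def rsa_key_value(keyinfo_xml):
    """Return (modulus, exponent) from a <ds:KeyInfo>, or None if it has no RSAKeyValue."""
    rsa = ET.fromstring(keyinfo_xml).find(f"{DS}KeyValue/{DS}RSAKeyValue")
    if rsa is None:
        return None
    mod, exp = rsa.findtext(f"{DS}Modulus"), rsa.findtext(f"{DS}Exponent")
    if not mod or not exp:
        return None
    return b64_to_int(mod), b64_to_int(exp)

def select_trusted_key(keyinfo_xml, trusted):
    """Use KeyInfo only as a hint: name of the configured key it matches, else None."""
    hinted = rsa_key_value(keyinfo_xml)
    for name, key in trusted.items():
        if hinted is not None and key == hinted:
            return name
    return None

# Constructed toy values (far too small for real use), not keys from the page.
N_SP = (2**127 - 1) * (2**89 - 1)
N_OTHER = (2**107 - 1) * (2**61 - 1)
E = 65537  # encodes to "AQAB", as in the question's <ds:Exponent>
TRUSTED = {"keycloak-sp-signing": (N_SP, E), "other-sp-signing": (N_OTHER, E)}

def make_keyinfo(n, e):
    return (f'<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:KeyValue>'
            f"<ds:RSAKeyValue><ds:Modulus>{int_to_b64(n)}</ds:Modulus>"
            f"<ds:Exponent>{int_to_b64(e)}</ds:Exponent></ds:RSAKeyValue>"
            f"</ds:KeyValue></ds:KeyInfo>")

if __name__ == "__main__":
    print(select_trusted_key(make_keyinfo(N_SP, E), TRUSTED))      # configured key
    print(select_trusted_key(make_keyinfo(N_SP + 2, E), TRUSTED))  # unknown key
```

A key that matches nothing in the configured set is rejected rather than used to verify the signature.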