KEYCLOAK-13698

SAML Client - AuthnRequest signature does not contain X509Data

Details

  • Type: Enhancement
  • Status: Closed
  • Priority: Minor
  • Resolution: Done
  • Affects Version/s: 9.0.2
  • Fix Version/s: 11.0.0
  • Component/s: SAML
  • Labels: None
  • Docs QE Status: NEW
  • QE Status: NEW

Description

I'm trying to use Keycloak as an SP for a remote IDP, and my remote IDP is refusing AuthnRequests because the message does not contain the X509Data tag in the request signature.

I have checked the latest sources available on GitHub and have noticed that logout requests set the certificate parameter while signing, while the login ones don't. I think that the two calls should be similar.

Compare:
https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java#L110-L113

https://github.com/keycloak/keycloak/blob/master/services/src/main/java/org/keycloak/broker/saml/SAMLIdentityProvider.java#L223-L226

I can provide a pull request on GitHub if necessary.
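The structural check the reporter's IdP is applying, as an added example that is not part of this issue and not Keycloak's or any IdP's code: it builds a constructed AuthnRequest with an enveloped XML signature, once with and once without ds:KeyInfo/ds:X509Data/ds:X509Certificate, and rejects the variant that omits the certificate. The XML, the request IDs, the digest/signature values and the "certificate" are all placeholders (the check is purely structural; no signature is cryptographically verified).

```python
"""Structural check of a SAML 2.0 AuthnRequest signature: does ds:KeyInfo carry
the signer's certificate in ds:X509Data?  Added example for KEYCLOAK-13698; the
XML messages are constructed placeholders, not captures from Keycloak or any IdP,
and the digest/signature values are dummy bytes (no cryptographic verification
is performed here, only the structural check the reporter's IdP insists on)."""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CERT_PATH = "ds:KeyInfo/ds:X509Data/ds:X509Certificate"

# Constructed, not a real certificate: the check only looks for its presence.
PLACEHOLDER_CERT = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
DUMMY_B64 = base64.b64encode(b"dummy").decode()


def build_authn_request(request_id, with_x509=True):
    """Constructed SP-initiated AuthnRequest with an enveloped XML signature.
    with_x509=False mirrors a signer that leaves the certificate out of KeyInfo."""
    keyinfo = ""
    if with_x509:
        keyinfo = (
            "<ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
            f"{PLACEHOLDER_CERT}"
            "</ds:X509Certificate></ds:X509Data></ds:KeyInfo>"
        )
    return f"""<samlp:AuthnRequest xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="{request_id}" Version="2.0" IssueInstant="2020-05-20T10:00:00Z"
    Destination="https://idp.example.test/saml/sso">
  <saml:Issuer>https://sp.example.test/realms/demo</saml:Issuer>
  <ds:Signature xmlns:ds="{NS['ds']}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#{request_id}">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>{DUMMY_B64}</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>{DUMMY_B64}</ds:SignatureValue>
    {keyinfo}
  </ds:Signature>
</samlp:AuthnRequest>"""


def embedded_certificates(xml_text):
    """Return the DER blobs found under the signature's ds:X509Data (may be empty)."""
    root = ET.fromstring(xml_text)
    sig = root.find("ds:Signature", NS)
    if sig is None:
        raise ValueError("message is not signed")
    return [
        base64.b64decode("".join((c.text or "").split()))
        for c in sig.findall(CERT_PATH, NS)
    ]


def check_authn_request(xml_text):
    """Structural checks an IdP that requires X509Data would apply.
    Returns (accepted, reason); the first failing check wins."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['samlp']}}}AuthnRequest":
        return False, "not an AuthnRequest"
    sig = root.find("ds:Signature", NS)
    if sig is None:
        return False, "AuthnRequest is not signed"
    ref = sig.find("ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        return False, "signature Reference does not cover the request ID"
    if not sig.findall(CERT_PATH, NS):
        return False, "signature has no ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    return True, "ok"


if __name__ == "__main__":
    for flag in (False, True):
        msg = build_authn_request("ID_constructed_0001", with_x509=flag)
        print(f"with_x509={flag}: {check_authn_request(msg)}")
```

Run it as a script and the with_x509=False message is rejected with the reason the reporter's IdP gives, while the with_x509=True message passes. In practice an IdP that has the SP's certificate from metadata can verify a signature without X509Data at all; when one nevertheless requires the embedded certificate, its only sound use is to locate the key, and the certificate must still be matched against the one registered for that SP rather than trusted because it arrived inside the request.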

People

  • Assignee: hmlnarik Hynek Mlnařík
  • Reporter: l.scorcia Luca Leonardo Scorcia
  • Votes: 0
  • Watchers: 2
