[keycloak-user] Keycloak as an Identity Broker Encrypting SAML Assertions
Jason Spittel
jasonspittel at yahoo.com
Tue Sep 12 16:34:08 EDT 2017
Hello,
I'm trying to integrate with InCommon federation, using Keycloak as an Identity Broker.
Workflow is JEE app <--> Keycloak Broker <--> InCommon IdP.
The problem is that InCommon requires SAML Assertion Encryption. As far as I can see, in the Keycloak IdP setup, I can only set the signing for the document.
Looking at this SPSSODescriptor from Keycloak:
<EntityDescriptor entityID="ENTITY_ID_FOR_IDP">
  <SPSSODescriptor AuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol http://schemas.xmlsoap.org/ws/2003/07/secext">
    <KeyDescriptor use="signing">
      <dsig:KeyInfo>
        <dsig:KeyName>ASDFASDFASDF</dsig:KeyName>
        <dsig:X509Data>
          <dsig:X509Certificate>qwerqwerqwer</dsig:X509Certificate>
        </dsig:X509Data>
      </dsig:KeyInfo>
    </KeyDescriptor>
    ........
  </SPSSODescriptor>
</EntityDescriptor>
The KeyDescriptor is not for 'signing' and not for 'encrypting'. How do I set that flag?
Thanks,
Jason
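A check a practitioner can run on the broker's SP metadata before handing it to a federation: does the SPSSODescriptor publish a KeyDescriptor with use="encryption" (the SAML 2.0 metadata value that tells an IdP which key to encrypt assertions to), or only use="signing" as in the fragment above? This is an added example, not code from the post or from Keycloak; the metadata below is constructed with placeholder key names and certificate text, and it says nothing about which Keycloak setting produces the encryption descriptor.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata (placeholder entityID, key names and certificate text),
# shaped like the broker SPSSODescriptor in the post but with a second KeyDescriptor
# for encryption added so the check has something to find.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="ENTITY_ID_FOR_IDP">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:KeyName>SIGNING_KEY</ds:KeyName>
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER_CERT_1</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:KeyName>ENCRYPTION_KEY</ds:KeyName>
        <ds:X509Data><ds:X509Certificate>PLACEHOLDER_CERT_2</ds:X509Certificate></ds:X509Data>
      </ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def key_descriptor_uses(metadata_xml: str) -> dict:
    """Map each KeyDescriptor 'use' value to the KeyNames declared for it.

    Per SAML 2.0 metadata a KeyDescriptor without a 'use' attribute is valid
    for both signing and encryption, so such a key is recorded under both.
    (Metadata fetched from a remote party should be parsed with a hardened
    parser such as defusedxml; ElementTree is used here on a local string.)
    """
    root = ET.fromstring(metadata_xml)
    uses = {"signing": [], "encryption": []}
    for kd in root.iterfind(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        name_el = kd.find("ds:KeyInfo/ds:KeyName", NS)
        name = name_el.text.strip() if name_el is not None and name_el.text else "<unnamed>"
        use = kd.get("use")
        for target in ([use] if use else list(uses)):
            uses.setdefault(target, []).append(name)
    return uses


def advertises_encryption_key(metadata_xml: str) -> bool:
    """True when the SP publishes at least one key an IdP can encrypt assertions to."""
    return bool(key_descriptor_uses(metadata_xml)["encryption"])
```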