<div dir="ltr">We figured out what was happening with some help from F5 (BigIP) technicians.<div>Keycloak uses RSA v1.5 as the key transport algorithm, but this is not supported in BigIP APM.</div><div><br></div><div>It also seems like v1.5 is largely deprecated and BigIP requires RSA-OAEP for this.</div><div><br></div><div>This seems to be set in XMLEncryptionUtil.getXMLEncryptionURLForKeyUnwrap(...)</div><div>returning XMLCipher.RSA_v1dot5 if the public SP key was an RSA key.</div><div><br></div><div>Is there any way to easily change from RSAv1.5 to RSA-OAEP?</div><div><br></div><div>References: </div><div><a href="https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-hotfix-bigip-12-0-0.html#A534555-1">https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-hotfix-bigip-12-0-0.html#A534555-1</a><br></div><div><br></div><div><a href="https://tools.ietf.org/html/rfc3560">https://tools.ietf.org/html/rfc3560</a></div><div><br></div><div>Thanks!</div><div><br><div class="gmail_quote"><div dir="ltr">On Wed, 22 Jun 2016 at 15:34, Pål Oliver Kristiansen <<a href="mailto:paal.oliver@gmail.com">paal.oliver@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks Bill!<div><br></div><div>What we did was to create the client in Keycloak by importing the SP metadata file. 
So the "Encryption Key" and "Signing Key" already have the values from the SP's metadata file.</div><div>From what I can gather, the values in this part of the client definition in Keycloak match the values in the metadata file when looking at the elements:</div><div><br></div><div><SPSSODescriptor></div><div> <KeyDescriptor use="encryption"></div><div> <ds:KeyInfo></div><div> <ds:X509Data></div><div> <ds:X509Certificate>---[Key found in certificate]---</ds:X509Certificate></div><div><br></div><div>Would this work or am I missing something?</div><div><br></div><div>I can double-check that the private key on the SP side is actually correlated with the public one in the metadata file.</div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, 22 Jun 2016 at 15:03, Bill Burke <<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Once you've enabled encryption, you have to go to the 'SAML Keys' tab.<br>
There is an Encryption Key at the bottom of that screen. You can have<br>
Keycloak generate the private key and cert for the SP, or you can import<br>
the SP's certificate that is stored in a PEM file, JKS, or PKCS12 file.<br>
<br>
On 6/22/16 3:47 AM, Pål Oliver Kristiansen wrote:<br>
> Hi!<br>
><br>
> We have set up Keycloak as an IDP with an F5 BigIP APM as a SAML SP.<br>
> Everything works well out of the box, but when we activate encryption of<br>
> assertions, we get an error on the<br>
> BigIP side.<br>
><br>
> So in order to investigate the situation, I'm trying to understand the<br>
> process of SAML assertion response encryption.<br>
> And I am a bit confused when reading the Keycloak documentation and<br>
> comparing that to what I see in the Keycloak admin console.<br>
> Here is what I mean; in the documentation<br>
> (<a href="https://keycloak.github.io/docs/userguide/keycloak-server/html/saml.html" rel="noreferrer" target="_blank">https://keycloak.github.io/docs/userguide/keycloak-server/html/saml.html</a>),<br>
> activating<br>
> assertion response encryption is described like this:<br>
><br>
> "Encrypt Assertions<br>
> Encrypt assertions in SAML documents with the realm's private key. The<br>
> AES algorithm is used with a key size of 128 bits."<br>
><br>
> But in the admin console (under clients) it is described like this in<br>
> the tooltip:<br>
><br>
> "Encrypt Assertions<br>
> Should SAML assertions be encrypted with client's public key using AES?"<br>
><br>
> So basically, which key is used for encrypting the assertion response?<br>
><br>
> I have inspected the actual HTTP post and it looks something like this:<br>
><br>
> <samlp:Response><br>
> ...<br>
> <saml:EncryptedAssertion><br>
> <xenc:EncryptedData xmlns:xenc="<a href="http://www.w3.org/2001/04/xmlenc#" rel="noreferrer" target="_blank">http://www.w3.org/2001/04/xmlenc#</a>"<br>
> Type="<a href="http://www.w3.org/2001/04/xmlenc#Element" rel="noreferrer" target="_blank">http://www.w3.org/2001/04/xmlenc#Element</a>"><br>
> <xenc:EncryptionMethod<br>
> Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#aes128-cbc" rel="noreferrer" target="_blank">http://www.w3.org/2001/04/xmlenc#aes128-cbc</a>"/><br>
> <ds:KeyInfo xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#" rel="noreferrer" target="_blank">http://www.w3.org/2000/09/xmldsig#</a>"><br>
> <xenc:EncryptedKey><br>
> <xenc:EncryptionMethod<br>
> Algorithm="<a href="http://www.w3.org/2001/04/xmlenc#rsa-1_5" rel="noreferrer" target="_blank">http://www.w3.org/2001/04/xmlenc#rsa-1_5</a>"/><br>
> <xenc:CipherData><br>
> <xenc:CipherValue>---[block of cipher<br>
> text]---</xenc:CipherValue><br>
> </xenc:CipherData><br>
> </xenc:EncryptedKey><br>
> </ds:KeyInfo><br>
> <xenc:CipherData><br>
> <xenc:CipherValue>---[block of cipher text]---</xenc:CipherValue><br>
> </xenc:CipherData><br>
> </xenc:EncryptedData><br>
> </saml:EncryptedAssertion><br>
> </samlp:Response><br>
><br>
> So it at least looks like the key to decrypt the encrypted response is<br>
> included. It is encrypted using RSA, but with which key?<br>
> My understanding was something like this:<br>
><br>
> 1. The encryption of a SAML assertion response is done using AES-128,<br>
> with some key.<br>
> 2. The key is added alongside the encrypted assertion response and<br>
> encrypted using the SP's public key.<br>
> 3. The SP receives the encrypted assertion response and the encrypted<br>
> key, decrypts the key using its private key and uses<br>
> this decrypted key to decrypt the actual assertion response.<br>
><br>
> Is this generally correct?<br>
><br>
> The error we get from BigIP is this: "failed to process encrypted<br>
> assertion, error: RSA decrypt"<br>
> Which leads me to think that maybe the decryption of the included key<br>
> did not work out.<br>
> Any ideas or tips to how to approach this?<br>
><br>
> Thanks!<br>
><br>
><br>
> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
</blockquote></div></blockquote></div></div></div>
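<div dir="ltr">The thread's diagnosis was made by reading the EncryptedKey algorithm URI out of the posted SAML Response. The script below, an added example that is not part of the thread and is not Keycloak or F5 code, automates that check with the Python standard library: it parses a decoded SAMLResponse, reports the data cipher (aes128-cbc here) and the key-transport algorithm wrapping the AES key, and flags rsa-1_5 the way an SP that only accepts RSA-OAEP would. It goes slightly beyond the response quoted above by also handling the other placement SAML 2.0 permits, where EncryptedKey sits next to EncryptedData rather than inside ds:KeyInfo. Both sample responses are constructed for the example; the function and constant names are the example's own.</div>

```python
"""Inspect which XML Encryption algorithms a SAML Response uses.

Added example, not code from the thread, Keycloak or F5. Reports the
assertion (data) cipher and the key-transport algorithm wrapping the AES
key, so an RSA-1.5 vs RSA-OAEP mismatch can be confirmed from the HTTP POST.
"""
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
XENC = "http://www.w3.org/2001/04/xmlenc#"
RSA_1_5 = XENC + "rsa-1_5"                    # PKCS#1 v1.5 key transport
RSA_OAEP_MGF1P = XENC + "rsa-oaep-mgf1p"      # OAEP, XML Encryption 1.0
RSA_OAEP_11 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"  # OAEP, XML Encryption 1.1

# Constructed sample shaped like the response quoted in the thread:
# the EncryptedKey is carried inside ds:KeyInfo of the EncryptedData.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
          <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>"""

# Constructed sample for the other placement SAML 2.0 allows: EncryptedKey as
# a sibling of EncryptedData inside EncryptedAssertion, here wrapped with OAEP.
SAMPLE_RESPONSE_SIBLING_KEY = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" ID="_r2" Version="2.0">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <xenc:CipherData><xenc:CipherValue>BBBB</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedKey>
  </saml:EncryptedAssertion>
</samlp:Response>"""
# The same sample as it would travel in the SAMLResponse form field of the POST.
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE.encode("utf-8")).decode("ascii")


def _algorithm(parent, path):
    """Algorithm URI of the EncryptionMethod at path under parent, or None."""
    method = parent.find(path, NS) if parent is not None else None
    return method.get("Algorithm") if method is not None else None


def inspect_encrypted_assertion(xml_text):
    """Return data cipher and key-transport algorithm of the first EncryptedAssertion.

    Looks for EncryptedKey inside ds:KeyInfo first, then next to EncryptedData.
    Returns None when the response carries no encrypted assertion.
    """
    root = ET.fromstring(xml_text)
    enc_assertion = root.find(".//saml:EncryptedAssertion", NS)
    if enc_assertion is None:
        return None
    enc_data = enc_assertion.find("xenc:EncryptedData", NS)
    if enc_data is None:
        return None
    enc_key = enc_data.find("ds:KeyInfo/xenc:EncryptedKey", NS)
    if enc_key is None:
        enc_key = enc_assertion.find("xenc:EncryptedKey", NS)
    return {"data_algorithm": _algorithm(enc_data, "xenc:EncryptionMethod"),
            "key_transport_algorithm": _algorithm(enc_key, "xenc:EncryptionMethod")}


def key_transport_verdict(key_alg):
    """Classify the key-transport URI the way an SP that only accepts OAEP would."""
    if key_alg == RSA_1_5:
        return "rsa-1_5: PKCS#1 v1.5 key transport, deprecated; an OAEP-only SP rejects it"
    if key_alg in (RSA_OAEP_MGF1P, RSA_OAEP_11):
        return "rsa-oaep: accepted"
    if key_alg is None:
        return "no EncryptedKey in the response; the SP must already hold the data key"
    return "unrecognised key-transport algorithm: " + key_alg


def inspect_saml_response_param(saml_response_b64):
    """Same check, starting from the base64 SAMLResponse form field of the POST."""
    return inspect_encrypted_assertion(base64.b64decode(saml_response_b64).decode("utf-8"))


if __name__ == "__main__":
    for label, sample in (("KeyInfo", SAMPLE_RESPONSE), ("sibling", SAMPLE_RESPONSE_SIBLING_KEY)):
        info = inspect_encrypted_assertion(sample)
        print(label, info["data_algorithm"], key_transport_verdict(info["key_transport_algorithm"]))
```

<div dir="ltr">Run it against the base64 value of the SAMLResponse field captured from the browser POST (inspect_saml_response_param) rather than against a hand-copied fragment, so what is checked is exactly what the SP saw; a verdict beginning with rsa-1_5 matches the "RSA decrypt" failure described in the thread, and the data cipher is reported alongside it because an SP can reject that algorithm too.</div>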