This is not a bug, as the SAML metadata standard does not contain a specification of the
client signature algorithm: SignatureMethod is a property of the signature of the metadata,
not part of the metadata of the client. Keycloak currently always sets RSA_SHA256 as the
client Signature algorithm. If this is important for your use case, please file a JIRA
feature request and provide details of the use case.
--Hynek
On 01/18/2017 12:39 AM, Caranzo Gideon wrote:
Hi,
When creating a client from SAML metadata, should Keycloak use the SignatureMethod from
the metadata as Signature Algorithm for the client?
I noticed that the Signature Algorithm is always RSA_SHA256 regardless of the algorithm
in the metadata file. Is this a bug, or is it just the designed behavior?
Thanks,
Gideon
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
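
The distinction made in the reply above can be checked directly against a metadata file. The following is an added example, not code from the thread or from Keycloak: it locates every `ds:SignatureMethod` in an SP metadata document and reports which element it sits under, next to what the `SPSSODescriptor` itself declares about signing. The metadata document, entity ID and function names are constructed for illustration, and the signature block is abbreviated.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed, abbreviated SP metadata; signature and certificate values are placeholders.
# For metadata from an untrusted source, parse with a hardened parser such as defusedxml.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://sp.example.test/saml">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def signature_methods(xml_text):
    """Return (algorithm URI, ancestor path) for every ds:SignatureMethod element."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}  # ElementTree has no parent links
    found = []
    for el in root.iter(f"{{{DS}}}SignatureMethod"):
        path, node = [], el
        while node in parent:
            node = parent[node]
            path.insert(0, node.tag.split("}")[-1])  # strip the namespace part
        found.append((el.get("Algorithm"), "/".join(path)))
    return found

def sp_signing_facts(xml_text):
    """Return what the SPSSODescriptor itself declares about signing."""
    sp = ET.fromstring(xml_text).find(f"{{{MD}}}SPSSODescriptor")
    # A KeyDescriptor without a 'use' attribute applies to signing as well as encryption.
    keys = [k for k in sp.findall(f"{{{MD}}}KeyDescriptor") if k.get("use") in (None, "signing")]
    return {"AuthnRequestsSigned": sp.get("AuthnRequestsSigned"),
            "WantAssertionsSigned": sp.get("WantAssertionsSigned"),
            "signing_keys": len(keys),
            "signature_method_in_descriptor": sp.find(f".//{{{DS}}}SignatureMethod") is not None}

if __name__ == "__main__":
    print(signature_methods(SAMPLE))
    print(sp_signing_facts(SAMPLE))
```

In this sample the only `SignatureMethod` is found under `EntityDescriptor/Signature/SignedInfo`, that is, in the signature over the metadata document, while the descriptor carries signing flags and a signing key but no algorithm.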