[keycloak-dev] Client Signature Algorithm from SAML Metadata

Hynek Mlnarik hmlnarik at redhat.com
Wed Jan 18 04:45:35 EST 2017

This is not a bug, as the SAML metadata standard does not contain a specification of the client signature algorithm: SignatureMethod is a property of the signature of the metadata, not part of the metadata of the client. Keycloak currently always sets the client Signature Algorithm to RSA_SHA256. If this is important for your use case, please file a JIRA feature request and provide details of the use case.


On 01/18/2017 12:39 AM, Caranzo Gideon wrote:
> Hi,
> When creating a client from SAML metadata, should Keycloak use the SignatureMethod from the metadata as Signature Algorithm for the client?
> I noticed that the Signature Algorithm is always RSA_SHA256 regardless of the algorithm in the metadata file. Is this a bug, or is it just the designed behavior?
> Thanks,
> Gideon
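
Added example (not part of the thread and not Keycloak code): a sketch showing where SignatureMethod sits in a signed SP metadata document, which is the distinction the reply draws. The metadata is constructed with placeholder signature and certificate values, and the function and sample names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: signature and certificate values are placeholders, not real data.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://sp.example.test/metadata">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def inspect_sp_metadata(xml_text):
    root = ET.fromstring(xml_text)
    # Algorithm used to sign the metadata document itself (direct child ds:Signature).
    doc_sig = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    # A ds:SignatureMethod inside the client's descriptor would be a per-client setting.
    in_descriptor = sp.findall(".//ds:SignatureMethod", NS)
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    signing_keys = [k for k in sp.findall("md:KeyDescriptor", NS)
                    if k.get("use") in (None, "signing")]
    return {
        "metadata_signature_algorithm": doc_sig.get("Algorithm") if doc_sig is not None else None,
        "authn_requests_signed": sp.get("AuthnRequestsSigned") == "true",
        "signing_key_descriptors": len(signing_keys),
        "signature_methods_in_sp_descriptor": len(in_descriptor),
    }

if __name__ == "__main__":
    print(inspect_sp_metadata(SAMPLE_METADATA))
```

The function only reads the document structure; it does not verify the metadata signature. On the sample it reports rsa-sha512 for the document signature and no SignatureMethod inside the SPSSODescriptor, only the signing key.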
