[keycloak-user] Keycloak Java adapter & ADFS
Cat Mucius
cat at mucius.tk
Wed Apr 26 18:01:54 EDT 2017
Good day,
I'm trying to get Keycloak Java adapter (on SP side) working with Microsoft
ADFS (on IdP side).
As I understood, ADFS expects to receive <KeyInfo> element in <Signature> of
SAMLRequest in specific format:
"Importantly, then the SAML Signature Key Name field that shows after
enabling the Want AuthnRequests Signed option has to be set to CERT_SUBJECT
as AD FS expects the signing key name hint to be the subject of the signing
certificate."
blog.keycloak.org/2017/03/how-to-setup-ms-ad-fs-30-as-brokered.html
But the Java adapter sends <KeyInfo> in another format – the <KeyValue>
format:
<dsig:KeyInfo>
<dsig:KeyValue>
<dsig:RSAKeyValue>
<dsig:Modulus>gLOdl9d0CGelhcIkOa…s4Hj4N6xEjQG/bQ==</dsig:Modulus>
<dsig:Exponent>AQAB</dsig:Exponent>
</dsig:RSAKeyValue>
</dsig:KeyValue>
</dsig:KeyInfo>
So I have two questions:
a. Is it really a problem? Has anyone used the Java adapter successfully to
authenticate against ADFS?
b. If it is, is there a way to instruct the adapter to send <KeyInfo> in
some another format?
Thanks,
Mucius.
More information about the keycloak-user
mailing list