1 Reply Latest reply on Nov 30, 2014 10:38 PM by Lionel Orellana

    SAML request does not contain X.509 certificate

    Steven Sintermann Newbie

      Hi there,

       

      I am facing a pretty stupid problem. At least I think it is stupid and maybe pretty obvious to someone with more practice in picketlink than I have.

       

      I am using picketlink 2.1.9 with Tomcat to create SAML requests to an IdP (which is running the same version of picketlink). But whenever I analyze the SAML request I do not get it to contain the X.509 certificate (with tag <KeyInfo><X509Data><X509Certificate>). Instead it has the certificate with RSAModulus and RSAExponent.

       

      What am I doing wrong? Picketlink starts up okay.

       

      Here's my picketlink.xml:

      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

        <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" ServerEnvironment="tomcat" BindingType="POST" SupportsSignatures="true">

        <IdentityURL>https://IDP-URL</IdentityURL>

        <ServiceURL>https://SP-URL</ServiceURL>

       

        <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">

                   <Auth Key="KeyStoreURL" Value="path-to-keystore" />

                   <Auth Key="KeyStorePass" Value="XYZ" />

                   <Auth Key="SigningKeyPass" Value="ABC" />

                   <Auth Key="SigningKeyAlias" Value="sp" />

                   <ValidatingAlias Key="IDP-URL" Value="idp" />

              </KeyProvider>

        </PicketLinkSP>

        <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">

        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>

        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>

        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>

        <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />

          <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />

          <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>

        </Handlers>

      </PicketLink>

       

      Thank you very much

      Steven