SAML request does not contain X.509 certificate
ssi Aug 21, 2014 5:05 AM
Hi there,
I am facing a pretty stupid problem. At least I think it is stupid and maybe pretty obvious to someone with more practice in picketlink than I have.
I am using picketlink 2.1.9 with Tomcat to create SAML requests to an IdP (which is running the same version of picketlink). But whenever I analyze the SAML request I do not get it to contain the X.509 certificate (with tag <KeyInfo><X509Data><X509Certificate>). Instead it has the certificate with RSAModulus and RSAExponent.
What am I doing wrong? Picketlink starts up okay.
Here's my picketlink.xml:
<PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">
  <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:2.1" ServerEnvironment="tomcat" BindingType="POST" SupportsSignatures="true">
    <IdentityURL>https://IDP-URL</IdentityURL>
    <ServiceURL>https://SP-URL</ServiceURL>
    <KeyProvider ClassName="org.picketlink.identity.federation.core.impl.KeyStoreKeyManager">
      <Auth Key="KeyStoreURL" Value="path-to-keystore" />
      <Auth Key="KeyStorePass" Value="XYZ" />
      <Auth Key="SigningKeyPass" Value="ABC" />
      <Auth Key="SigningKeyAlias" Value="sp" />
      <ValidatingAlias Key="IDP-URL" Value="idp" />
    </KeyProvider>
  </PicketLinkSP>
  <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler"/>
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureGenerationHandler" />
    <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2SignatureValidationHandler"/>
  </Handlers>
</PicketLink>
Thank you very much
Steven
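A small checker for the symptom described in the post, added here as an example and not part of the post or of PicketLink: it parses a signed SAML message and reports whether its ds:KeyInfo carries an X509Certificate or only an RSAKeyValue. It assumes the standard XML Signature element names (ds:Modulus and ds:Exponent inside ds:RSAKeyValue, which the post refers to as RSAModulus and RSAExponent); the sample requests are constructed with placeholder values.

```python
import xml.etree.ElementTree as ET

# XML Signature namespace, in ElementTree's {uri}local form
DS = "{http://www.w3.org/2000/09/xmldsig#}"


def key_info_kind(saml_xml):
    """Classify the signer key material embedded in a signed SAML message.

    Returns 'x509' for ds:X509Data/ds:X509Certificate, 'rsa-key-value' for
    ds:KeyValue/ds:RSAKeyValue (the form seen in the post), 'none' when there
    is no ds:Signature/ds:KeyInfo at all, and 'other' for anything else.
    Whatever the form, a receiver should resolve the signer's key from its own
    trust store (cf. ValidatingAlias above), not from the message's KeyInfo.
    """
    root = ET.fromstring(saml_xml)
    key_info = root.find(f".//{DS}Signature/{DS}KeyInfo")
    if key_info is None:
        return "none"
    if key_info.find(f"{DS}X509Data/{DS}X509Certificate") is not None:
        return "x509"
    if key_info.find(f"{DS}KeyValue/{DS}RSAKeyValue") is not None:
        return "rsa-key-value"
    return "other"


def rsa_key_value(saml_xml):
    """Return (Modulus, Exponent) text when KeyInfo holds an RSAKeyValue, else None."""
    rkv = ET.fromstring(saml_xml).find(f".//{DS}KeyInfo/{DS}KeyValue/{DS}RSAKeyValue")
    if rkv is None:
        return None
    return (rkv.findtext(f"{DS}Modulus", "").strip(),
            rkv.findtext(f"{DS}Exponent", "").strip())


def _request(key_info_body):
    # Constructed skeleton of a signed AuthnRequest; only the KeyInfo body varies.
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>Q09OU1RSVUNURUQ=</ds:SignatureValue>
    <ds:KeyInfo>{key_info_body}</ds:KeyInfo></ds:Signature>
</samlp:AuthnRequest>"""


# Symptom from the post: only the RSA public key parameters are embedded.
REQUEST_RSA_KEY_VALUE = _request(
    "<ds:KeyValue><ds:RSAKeyValue><ds:Modulus>AQAB</ds:Modulus>"
    "<ds:Exponent>AQAB</ds:Exponent></ds:RSAKeyValue></ds:KeyValue>")
# What the poster expected: the certificate itself (placeholder value).
REQUEST_X509 = _request(
    "<ds:X509Data><ds:X509Certificate>Q09OU1RSVUNURUQ=</ds:X509Certificate></ds:X509Data>")
UNSIGNED_REQUEST = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
                    ' ID="_constructed" Version="2.0"/>')

if __name__ == "__main__":
    for name, doc in [("rsa-key-value sample", REQUEST_RSA_KEY_VALUE),
                      ("x509 sample", REQUEST_X509), ("unsigned", UNSIGNED_REQUEST)]:
        print(name, "->", key_info_kind(doc), rsa_key_value(doc))
```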