JAVA service provider SAML2 request - disable digital signature
I'm trying to integrate a Java SP (service provider) with an existing IDP (.net).
My problem is that my service provider is sending the request with <SignedInfo>, which I don't need.
Is there a way to enable/disable this on demand?
(I'm using spring-security-saml2-core and providing the IDP provider using xml)
What I need is something like this:
<samlp:AuthnRequest ID="_66a1c753-1636-4fbc-8f5d-313b19579558"
Version="2.0"
IssueInstant="2018-11-07T22:48:54.286Z"
Destination="http://localhost:44101/SAML/SSOService"
ForceAuthn="false"
IsPassive="false"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
AssertionConsumerServiceURL="http://localhost:30941/SAML/AssertionConsumerService"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:componentspace:My-Localhost</saml:Issuer>
</samlp:AuthnRequest>
but my java client is sending:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
AssertionConsumerServiceURL="http://localhost:8080/saml/SSO"
Destination="http://localhost:44101/SAML/SSOService"
ForceAuthn="false"
ID="a4065059de35d17j11h270ai65i44hj"
IsPassive="false"
IssueInstant="2018-11-08T17:01:16.853Z"
ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Version="2.0">
<saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">localhost-demo</saml2:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#a4065059de35d17j11h270ai65i44hj">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>RBuhWuT4+my+G95BEKpRam2l/qs=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NNy2s52kGCuQQADw7RdCAmAO4chm7BDjW0EJfdyvsgtdygdyrgyhdPNPv9LX2N+XT+syOqUm2VAOlMntBm/BpDkiAi3exIXR/lwph04ehKL6x5WladLCzEaRLOBE0LrFw+WdYOULZp+MRmMN8SsW8XOc5ItVdfhDHBbnUurthi3V7Uq/Q6lfzU9QlxywfMJirWHg==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIC+zCCAeOgAwIBAgIJdfsdgfsdartesgtrygerytoa+K66EA4u7DpE oHJBlqH0AVWAd8q9488DpCo1x4ujTGw7AHE=</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</saml2p:AuthnRequest>
java .net spring-boot digital-signature saml-2.0
asked Nov 8 at 20:17
tu_1329
1 Answer
Please refer to Configuration metadata for details on editing the SP metadata. You can add the attribute requestSigned and set it to false in case the authentication request need not be signed. By default the value will be true.
answered Nov 9 at 6:46
BK Elizabeth
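Where the setting from the answer goes, as an added example (not the answerer's or the Spring SAML project's own code): two configuration fragments for a spring-security-saml2-core setup. The bean id, the entityId value (copied from the Issuer in the question's request) and the IdP entityID placeholder are assumptions; the second fragment shows the IdP-side attribute that also controls signing.

```xml
<!-- Fragment 1: Spring bean definition for the SP (added example).
     With requestSigned=false the generated SP metadata carries
     AuthnRequestsSigned="false" on its SPSSODescriptor. -->
<bean id="metadataGeneratorFilter"
      class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <!-- Assumption: entityId matches the Issuer shown in the question -->
            <property name="entityId" value="localhost-demo"/>
            <!-- Default is true; false stops the SP from asking to sign AuthnRequests -->
            <property name="requestSigned" value="false"/>
        </bean>
    </constructor-arg>
</bean>

<!-- Fragment 2: IdP metadata file loaded by the SP (added example).
     Spring SAML signs the AuthnRequest when EITHER the SP metadata has
     AuthnRequestsSigned="true" OR the IdP metadata has
     WantAuthnRequestsSigned="true", so this attribute must also be false
     (or absent) for the request to go out without ds:Signature. -->
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="IDP-ENTITY-ID-PLACEHOLDER">
    <md:IDPSSODescriptor WantAuthnRequestsSigned="false"
                         protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <!-- Location taken from the Destination attribute in the question -->
        <md:SingleSignOnService
            Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
            Location="http://localhost:44101/SAML/SSOService"/>
    </md:IDPSSODescriptor>
</md:EntityDescriptor>
```

If the SP metadata is a pre-generated file rather than produced by MetadataGenerator, the equivalent change is the AuthnRequestsSigned attribute on its SPSSODescriptor element.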