
The WIF code example given in this answer creates a signed SAML2 assertion.

The eventual XML has the following structure (I've chopped out all the values because they're not important to this question):

<Assertion>
  <Issuer></Issuer>
  <Signature>
    <SignedInfo>
    </SignedInfo>
    <SignatureValue></SignatureValue>
    <KeyInfo>
    </KeyInfo>
  </Signature>
  <Subject>
    <NameID></NameID>
    <SubjectConfirmation/>
  </Subject>
  <Conditions/>
</Assertion>

But for a particular test scenario I need to create it without the <KeyInfo> element.

Is this possible with the WIF Saml2Assertion class? I have to provide the SigningCredentials but so far have not found a way to just sign but not include <KeyInfo> (force the recipient to already have the cert).

assertion.SigningCredentials = clientSigningCredentials;

return new Saml2SecurityToken(assertion);

Again, silly test scenario but it's something I want to simulate because I think this is supported by the standard.

explunit
  • In theory "keyInfo" is optional. But it would surprise me if there are implementations that can work without it. They would be inefficient (if not worse). – paullem Mar 12 '15 at 07:46
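Added example, not part of the original question and not WIF code: it uses `System.Security.Cryptography.Xml.SignedXml` rather than `Saml2Assertion`/`SigningCredentials` to produce an enveloped signature with no `<KeyInfo>`, then verifies it the way a recipient that already holds the certificate would. The assertion content, the ID `_a1`, the issuer URL and the self-signed test certificate are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class NoKeyInfoDemo
{
    // Enveloped signature over the assertion; SignedXml.KeyInfo is never set, so no <KeyInfo> is emitted.
    static void SignWithoutKeyInfo(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#" + doc.DocumentElement.GetAttribute("ID")) { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        // The SAML2 schema places <Signature> directly after <Issuer>.
        var issuer = doc.GetElementsByTagName("Issuer", doc.DocumentElement.NamespaceURI)[0];
        doc.DocumentElement.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), issuer);
    }

    // Recipient side: the key comes from local configuration, never from the message.
    // Requires exactly one signature, directly under the assertion, whose only reference is the assertion ID.
    static bool VerifyWithPinnedCert(XmlDocument doc, X509Certificate2 pinned)
    {
        var sigs = doc.GetElementsByTagName("Signature", SignedXml.XmlDsigNamespaceUrl);
        if (sigs.Count != 1 || sigs[0].ParentNode != doc.DocumentElement) return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigs[0]);
        var refs = signedXml.SignedInfo.References;
        if (refs.Count != 1 || ((Reference)refs[0]).Uri != "#" + doc.DocumentElement.GetAttribute("ID")) return false;
        return signedXml.CheckSignature(pinned, true); // true: check the signature only, no chain building
    }

    static void Main()
    {
        using var rsa = RSA.Create(2048); // constructed test key
        var req = new CertificateRequest("CN=test-idp", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(30));
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Assertion xmlns=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_a1\" Version=\"2.0\" IssueInstant=\"2015-03-12T00:00:00Z\"><Issuer>https://idp.example.test</Issuer><Subject><NameID>alice</NameID></Subject></Assertion>");
        SignWithoutKeyInfo(doc, rsa);
        Console.WriteLine("KeyInfo elements: " + doc.GetElementsByTagName("KeyInfo", SignedXml.XmlDsigNamespaceUrl).Count);
        Console.WriteLine("Verified with pinned cert: " + VerifyWithPinnedCert(doc, cert)); // recipient would hold the public cert only
    }
}
```

On modern .NET this needs the `System.Security.Cryptography.Xml` package; on .NET Framework, `CertificateRequest` requires 4.7.2 or later.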

0 Answers