PicketLink v2 / PLINK2-51

SAML 2.0 Subject EncryptedKey should contain KeyInfo


    Details

    • Type: Enhancement
    • Status: Reopened
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: PLINK_2.1.8
    • Component/s: STS
    • Labels: None

      Description

      When the STS issues a SAML 2.0 Assertion for the SymmetricKey case, it generates a Subject that looks like:

      <saml:Subject>
        <saml:NameID NameQualifier="urn:picketlink:identity-federation">admin</saml:NameID>
        <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
          <saml:SubjectConfirmationData>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
              <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
                <xenc:CipherData>
                  <xenc:CipherValue>i48AXLPCf+QwOZLzp/lEzFxUbUnnYPW7ja2dESnRlDiCY3i6sfP7DEvLFTmOZMF58G6ag9v2E/yp
      SsZz3u+OTEuBZSYRTNlbJ8aMjwAcn6fpqoO/iQDzBQ1lsPhrvfxFa3zXsBihZLMB3mNmDFqRKm0g
      mhMh/n5MYZ5J3mCj1z8=</xenc:CipherValue>
                </xenc:CipherData>
              </xenc:EncryptedKey>
            </ds:KeyInfo>
          </saml:SubjectConfirmationData>
        </saml:SubjectConfirmation>
      </saml:Subject>

      However, the EncryptedKey Element should contain a KeyInfo element that references the key that was used to encrypt the symmetric key contained in the CipherData. If the recipient has multiple private keys then it will have to rely on trial and error to find the correct one to use.
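An added check for the structure described in this issue, not code from PicketLink: it parses a holder-of-key Subject, reports whether each EncryptedKey carries its own ds:KeyInfo (none at all is the defect reported here), and inserts a ds:KeyInfo/ds:KeyName hint in the schema-mandated position. The sample Subject is constructed from the one quoted above, with the saml namespace declared and a placeholder CipherValue; the key name is an assumed value.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

# Constructed sample modelled on the Subject quoted in the issue (CipherValue replaced).
SUBJECT_AS_ISSUED = """<saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:NameID NameQualifier="urn:picketlink:identity-federation">admin</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<xenc:CipherData><xenc:CipherValue>CONSTRUCTED-PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
</xenc:EncryptedKey></ds:KeyInfo></saml:SubjectConfirmationData>
</saml:SubjectConfirmation></saml:Subject>"""

def local(tag):
    """Strip the {namespace} part of an ElementTree tag."""
    return tag.rsplit("}", 1)[-1]

def encrypted_key_key_hints(subject_xml):
    """For each holder-of-key EncryptedKey, list the key-identifying children of its
    own ds:KeyInfo. An empty list means the recipient gets no hint which of its
    private keys unwraps the symmetric key (the situation reported in this issue)."""
    root = ET.fromstring(subject_xml)
    path = ".//saml:SubjectConfirmationData/ds:KeyInfo/xenc:EncryptedKey"
    hints = []
    for ek in root.iterfind(path, NS):
        ki = ek.find("ds:KeyInfo", NS)
        hints.append([] if ki is None else [local(c.tag) for c in ki])
    return hints

def add_key_name(subject_xml, key_name):
    """Insert ds:KeyInfo/ds:KeyName into every EncryptedKey that lacks a KeyInfo.
    XML Encryption orders EncryptedKey children EncryptionMethod?, ds:KeyInfo?,
    CipherData, so the new element goes immediately before CipherData.
    (ds:X509Data would be an equally valid hint; KeyName is used for brevity.)"""
    root = ET.fromstring(subject_xml)
    for ek in root.iterfind(".//xenc:EncryptedKey", NS):
        if ek.find("ds:KeyInfo", NS) is not None:
            continue
        ki = ET.Element("{%s}KeyInfo" % NS["ds"])
        ET.SubElement(ki, "{%s}KeyName" % NS["ds"]).text = key_name
        ek.insert(list(ek).index(ek.find("xenc:CipherData", NS)), ki)
    return ET.tostring(root, encoding="unicode")

def child_order(subject_xml):
    """Local names of the first EncryptedKey's children, in document order."""
    root = ET.fromstring(subject_xml)
    return [local(c.tag) for c in root.find(".//xenc:EncryptedKey", NS)]
```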


                People

                • Assignee: anil.saldhana Anil Saldanha
                • Reporter: coheigea Colm O hEigeartaigh
                • Votes: 1
                • Watchers: 3
