I need to generate the KeyInfo element of a SAML assertion that has both the X509Data element with the X509 certificate and the KeyValue element with the public key. It should look like this:
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:X509Data>
        <ds:X509Certificate>MIIGLTCquvS ... </ds:X509Certificate>
    </ds:X509Data>
    <ds:KeyValue>
        <ds:RSAKeyValue>
            <ds:Modulus>vOksZtPkaxkdxN ..... </ds:Modulus>
            <ds:Exponent>AQAB</ds:Exponent>
        </ds:RSAKeyValue>
    </ds:KeyValue>
</ds:KeyInfo>
I'm using WSS4JOutInterceptor and CXF with a SAMLCallback to generate the Assertion. I can get it to generate either the X509Data or the KeyValue but not both. This has to be in both the SubjectConfirmationData as well as in the Signature of the Assertion. I've seen some answers where you do this using OpenSAML and building it all up by hand, but I'm hoping there's a simpler way using WSS4J.
Thanks in Advance
You can add a custom KeyInfo Element by setting a DOM Element on KeyInfoBean.setElement(). There is not currently a way to do the same though for Signature KeyInfos. I've fixed this in the current code-base:
https://issues.apache.org/jira/browse/WSS-619
Here is the commit including test:
http://svn.apache.org/viewvc?view=revision&revision=1817084
It might take some effort wiring this through with CXF's WSS4JOutInterceptor though.
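The following is an added example, not code from the answer above or from WSS4J itself, showing the KeyInfoBean.setElement() route for the subject confirmation KeyInfo: it builds the combined X509Data + KeyValue element with plain JAXP DOM and hands it to the SubjectBean. It assumes WSS4J 2.x package names, an RSA certificate, and SubjectBean.setKeyInfo(KeyInfoBean) as the attachment point; the Signature KeyInfo side depends on the WSS-619 fix and is not shown.

```java
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class CombinedKeyInfoBuilder {
    private static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** XMLDSig CryptoBinary: unsigned big-endian octets, leading zero octets dropped, base64. */
    static String cryptoBinary(BigInteger value) {
        byte[] b = value.toByteArray(); // two's complement, may carry a leading 0x00 sign byte
        int start = 0;
        while (start < b.length - 1 && b[start] == 0) start++;
        return Base64.getEncoder().encodeToString(Arrays.copyOfRange(b, start, b.length));
    }

    static Element dsElement(Document doc, String localName, String textContent) {
        Element e = doc.createElementNS(DS_NS, "ds:" + localName);
        if (textContent != null) e.setTextContent(textContent);
        return e;
    }

    public static Element buildKeyInfo(X509Certificate cert) throws Exception {
        RSAPublicKey rsa = (RSAPublicKey) cert.getPublicKey(); // assumption: RSA certificate
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required so the ds: prefix is bound correctly
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element keyInfo = dsElement(doc, "KeyInfo", null);
        Element x509Data = dsElement(doc, "X509Data", null);
        x509Data.appendChild(dsElement(doc, "X509Certificate",
                Base64.getEncoder().encodeToString(cert.getEncoded()))); // DER cert, base64
        Element rsaKeyValue = dsElement(doc, "RSAKeyValue", null);
        rsaKeyValue.appendChild(dsElement(doc, "Modulus", cryptoBinary(rsa.getModulus())));
        rsaKeyValue.appendChild(dsElement(doc, "Exponent", cryptoBinary(rsa.getPublicExponent())));
        Element keyValue = dsElement(doc, "KeyValue", null);
        keyValue.appendChild(rsaKeyValue);
        keyInfo.appendChild(x509Data); // X509Data first, then KeyValue, matching the target layout
        keyInfo.appendChild(keyValue);
        return keyInfo;
    }

    /** Subject confirmation KeyInfo: the custom DOM element goes in via KeyInfoBean.setElement(). */
    public static void applyToSubject(SubjectBean subject, X509Certificate cert) throws Exception {
        KeyInfoBean keyInfoBean = new KeyInfoBean();
        keyInfoBean.setElement(buildKeyInfo(cert));
        subject.setKeyInfo(keyInfoBean); // assumption: SubjectBean exposes setKeyInfo(KeyInfoBean)
    }
}
```

Call applyToSubject() on the SubjectBean you populate inside the SAMLCallback handler; a relying party should still validate that the KeyValue and the X509Certificate describe the same key before trusting either.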