SAML 2.0 Unable to see X509Certificate value in SAML assertion


I have JKS and *.cer files loaded in the SAML configuration correctly, but the generated SAML assertion is missing certificate tags like , , inside the signature... What could be the reason? I have the KeyInfo object correctly configured:

KeyInfo keyInfo = (KeyInfo)create(KeyInfo.class, KeyInfo.DEFAULT_ELEMENT_NAME);

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_27ffd2e4ee3090abd76890d5436b2f62"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces PrefixList="xs" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transform></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>iCKAJTHHj1GGfZi6oIIBabGSl2c=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>09n/W4DWmgdvaRF6X88A7Mn7SiYPLB/pWL8rC6GuwqTGhGtHLkljahzVTYATdY84zglyrIoX+ANrIgdz9ITkdZIanm1bI5VgploBcEzjDufEJDQm7DbEPZtBp/PkTLalV+h17D2c3TBGxht1fsJ9IrHFZyNOoukBareyAZwjPLE=</ds:SignatureValue></ds:Signature>

There are 3 best solutions below

0
On

Try using the generate function of BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator.

If you send in your credential, you get a KeyInfo object back.

Then use setKeyInfo on your signature to add the information.

0
On

Hey, thanks Stefan. The following is what I was missing, and after adding it, it works fine; I had missed adding the publicKey...

KeyInfoHelper.addPublicKey(keyInfo, signingCredential.getPublicKey());
signature.setKeyInfo(keyInfo);
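
The KeyInfo generation suggested in the answers above, as an added example that is not part of the original posts: it builds a Signature whose ds:KeyInfo carries the signer's certificate as ds:X509Data/ds:X509Certificate, which is the element the question is looking for (adding only the public key yields a ds:KeyValue instead). It assumes OpenSAML 2.x (the version that ships KeyInfoHelper) and an X509Credential already loaded from the keystore; the class and method names are hypothetical.

```java
import org.opensaml.xml.Configuration;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.x509.X509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;

/** Hypothetical helper (names are assumptions), written against OpenSAML 2.x. */
public final class SignatureWithCertificate {

    private SignatureWithCertificate() { }

    /**
     * Builds a not-yet-signed ds:Signature whose ds:KeyInfo contains the
     * signer's certificate. DefaultBootstrap.bootstrap() must have run first.
     * The caller still attaches it to the assertion, marshalls the assertion
     * and calls Signer.signObject(signature).
     */
    public static Signature build(X509Credential signingCredential) throws SecurityException {
        if (signingCredential.getEntityCertificate() == null) {
            // A credential holding only a key pair has nothing to emit as X509Certificate.
            throw new SecurityException("Signing credential has no entity certificate");
        }

        X509KeyInfoGeneratorFactory factory = new X509KeyInfoGeneratorFactory();
        factory.setEmitEntityCertificate(true);  // emits ds:X509Data/ds:X509Certificate
        factory.setEmitPublicKeyValue(false);    // no additional ds:KeyValue
        KeyInfoGenerator generator = factory.newInstance();
        KeyInfo keyInfo = generator.generate(signingCredential);

        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(signingCredential);
        // The sample in the question uses rsa-sha1; RSA-SHA256 is chosen here instead.
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        signature.setKeyInfo(keyInfo);
        return signature;
    }
}
```

The embedded certificate is a hint for the receiver, not a trust anchor: the relying party should validate the signature against the certificate it already holds for the issuer (for example from metadata), not against whatever certificate arrives inside the assertion.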
0
On

Please enable the verbose logging in your web.config. Surely you would be able to catch the exact reason for the exception.

Normally it's due to "Microsoft Enhanced RSA and AES Cryptographic" issue.