lox

Reputation: 1622

Encrypted and encoded XML representation of X.509 Certificate for SAML metadata

In order to set up SSO and function as a Service Provider with my Identity Provider, I need to specify which certificate I want to use for signing and encrypting in the exchanged metadata XML file. But how do I create the encrypted and encoded representation (like below) of my certificate so it can be put into the XML? What process do I need to go through here?

   <q1:KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
            <X509Certificate>MIICZDCCAdGg.....IQ0jOz8mmZToZD7ab9==</X509Certificate>
         </X509Data>
      </KeyInfo>
   </q1:KeyDescriptor>
   <q1:KeyDescriptor use="encryption">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
         <X509Data>
            <X509Certificate>MIICZDCCAdGg......IQ0jOz8mmZToZD7ab==</X509Certificate>
         </X509Data>
      </KeyInfo>
   </q1:KeyDescriptor>

Upvotes: 1

Views: 6206

Answers (1)

ZZ Coder

Reputation: 75496

The body of <X509Certificate> is the DER-encoded data of the X.509 certificate. Since the datatype is base64Binary, it needs to be Base64-encoded.

-----BEGIN CERTIFICATE-----
MIIDijCCAnICCQDXfWAafSjGzDANBgkqhkiG9w0BAQQFADCBhjELMAkGA1UEBhMC
...
meTdn90sElH+yhWNRi6XtXirsTjDXQhudWWJ8r5NPkTBE7lDtg+6SBfDCrWFsw==
-----END CERTIFICATE-----

It's the same stuff in a PEM file between the header and footer. If you get the certificate from a CA, it's normally in PEM format already. If not, you can use OpenSSL or Java Keytool to convert it.

Upvotes: 3
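The conversion the answer describes, as an added example that is not part of the original answer: strip the PEM armour and line breaks, Base64-decode to get the DER, sanity-check that the DER really is an X.509 SEQUENCE of the right length, and emit the <KeyDescriptor> element. It uses only the Python standard library. The SAML metadata namespace (urn:oasis:names:tc:SAML:2.0:metadata, conventionally prefixed md, where the question's metadata used q1; the prefix is arbitrary) and the XML-DSig namespace from the page are real; the sample DER blob is a constructed stand-in for a certificate, not a real one, so the round trip runs offline.

```python
"""Build and check the <X509Certificate> body used in SAML metadata.
Added example, standard library only. SAMPLE_DER below is a constructed
DER SEQUENCE, not a real certificate."""
import base64
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"   # SAML 2.0 metadata namespace
DS_NS = "http://www.w3.org/2000/09/xmldsig#"      # XML-DSig namespace (as on the page)
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Take the first CERTIFICATE block of a PEM file, drop the armour and the
    line breaks, and Base64-decode what is left: that is the DER certificate."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("no CERTIFICATE block in input")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def der_to_pem(der: bytes) -> str:
    """Inverse direction: Base64 the DER, wrap at 64 columns, add the armour."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def der_to_metadata_b64(der: bytes) -> str:
    """The element body: plain Base64 of the DER, no armour, no line breaks."""
    return base64.b64encode(der).decode("ascii")


def check_der_sequence(der: bytes) -> int:
    """Cheap sanity check before publishing metadata: an X.509 certificate is a
    DER SEQUENCE (tag 0x30) whose declared length covers exactly the rest of the
    buffer. Catches truncated, double-Base64'd or still-PEM values.
    Returns the declared content length."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE (value still PEM, or Base64'd twice?)")
    first = der[1]
    if first < 0x80:                      # short-form length
        length, header = first, 2
    else:                                 # long form: 0x8n followed by n length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("malformed DER length")
        length, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    if header + length != len(der):
        raise ValueError("DER length %d+%d does not match buffer of %d bytes"
                         % (header, length, len(der)))
    return length


def is_plausible_certificate_der(der: bytes) -> bool:
    try:
        check_der_sequence(der)
        return True
    except ValueError:
        return False


def key_descriptor_xml(der: bytes, use: str = None) -> str:
    """Emit <md:KeyDescriptor use=...> with the certificate under KeyInfo/X509Data.
    `use` is "signing", "encryption", or None (schema meaning: both)."""
    if use not in (None, "signing", "encryption"):
        raise ValueError("use must be 'signing', 'encryption' or omitted")
    check_der_sequence(der)
    kd = ET.Element("{%s}KeyDescriptor" % MD_NS, {"use": use} if use else {})
    ki = ET.SubElement(kd, "{%s}KeyInfo" % DS_NS)
    xd = ET.SubElement(ki, "{%s}X509Data" % DS_NS)
    ET.SubElement(xd, "{%s}X509Certificate" % DS_NS).text = der_to_metadata_b64(der)
    return ET.tostring(kd, encoding="unicode")


def certificates_from_metadata(xml_text: str) -> list:
    """Reverse direction: pull every (use, DER) pair out of metadata you received,
    tolerating line-wrapped Base64 and refusing values that are not DER."""
    out = []
    for kd in ET.fromstring(xml_text).iter("{%s}KeyDescriptor" % MD_NS):
        for cert in kd.iter("{%s}X509Certificate" % DS_NS):
            der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            check_der_sequence(der)
            out.append((kd.get("use"), der))
    return out


# Constructed stand-in for a certificate: SEQUENCE { OCTET STRING (197 bytes) },
# 203 bytes in total, with a long-form length so that branch is exercised.
SAMPLE_DER = b"\x30\x81\xc8" + b"\x04\x81\xc5" + bytes(range(197))
SAMPLE_PEM = der_to_pem(SAMPLE_DER)

if __name__ == "__main__":
    der = pem_to_der(SAMPLE_PEM)
    print(key_descriptor_xml(der, "signing"))
    print(key_descriptor_xml(der, "encryption"))
```

On the command line the same transformation is `openssl x509 -in cert.pem -outform der | base64 -w0` (or `openssl x509 -inform der -in cert.der -out cert.pem` first if you start from DER). Only the certificate goes into the metadata; it is public by design, and the same certificate may appear in both the signing and encryption descriptors. Never paste anything from the private key file, and run a check like check_der_sequence on the value you are about to publish, since a pasted PEM header or a second Base64 pass is the usual reason an IdP rejects SP metadata.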
