Reputation: 5
I am using the following code to generate the SAML assertion below:
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;
import org.opensaml.xml.XMLObjectBuilderFactory;
// OpenSAML 2.x; the builder factory is available after DefaultBootstrap.bootstrap()
XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
SAMLObjectBuilder confirmationMethodBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmationData.DEFAULT_ELEMENT_NAME);
SubjectConfirmationData confirmationMethod = (SubjectConfirmationData) confirmationMethodBuilder.buildObject();
DateTime now = new DateTime();
confirmationMethod.setNotBefore(now);
confirmationMethod.setNotOnOrAfter(now.plusMinutes(2)); // two-minute validity window
//SAMLObjectBuilder keyInfoBuilderMethod = (SAMLObjectBuilder) builderFactory.getBuilder(KeyInfoConfirmationDataType.DEFAULT_ELEMENT_NAME);
//KeyInfoConfirmationDataType keyInfoBuilder = (KeyInfoConfirmationDataType)keyInfoBuilderMethod.buildObject();
//keyInfoBuilder.??
//The commented part is what I tried, but I was not successful in adding the certificate into the SubjectConfirmationData.
SAMLObjectBuilder subjectConfirmationBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
SubjectConfirmation subjectConfirmation = (SubjectConfirmation) subjectConfirmationBuilder.buildObject();
// no Method attribute is set here, which is why the output below has no Method="..." on SubjectConfirmation
subjectConfirmation.setSubjectConfirmationData(confirmationMethod);
Currently I get the following output:
<saml2:Subject>
<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="CCC">[email protected]</saml2:NameID>
<saml2:SubjectConfirmation>
<saml2:SubjectConfirmationData NotBefore="2015-08-16T06:04:54.115Z" NotOnOrAfter="2015-08-16T06:06:54.115Z"/>
</saml2:SubjectConfirmation>
</saml2:Subject>
I need the SAML assertion to contain the KeyInfo and the X509Certificate in the SubjectConfirmationData, as below:
<saml:Subject>
<saml:NameID
Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
[email protected],OU=User,O=NCSA-TEST,C=US
</saml:NameID>
<saml:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key">
<saml:SubjectConfirmationData>
<ds:KeyInfo>
<ds:X509Data>
<!-- principal's X.509 cert -->
<ds:X509Certificate>
MIICiDCCAXACCQDE+9eiWrm62jANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJV
UzESMBAGA1UEChMJTkNTQS1URVNUMQ0wCwYDVQQLEwRVc2VyMRMwEQYDVQQDEwpT
UC1TZXJ2aWNlMB4XDTA2MDcxNzIwMjE0MVoXDTA2MDcxODIwMjE0MVowSzELMAkG
A1UEBhMCVVMxEjAQBgNVBAoTCU5DU0EtVEVTVDENMAsGA1UECxMEVXNlcjEZMBcG
A1UEAwwQdHJzY2F2b0B1aXVjLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAv9QMe4lRl3XbWPcflbCjGK9gty6zBJmp+tsaJINM0VaBaZ3t+tSXknelYife
nCc2O3yaX76aq53QMXy+5wKQYe8Rzdw28Nv3a73wfjXJXoUhGkvERcscs9EfIWcC
g2bHOg8uSh+Fbv3lHih4lBJ5MCS2buJfsR7dlr/xsadU2RcCAwEAATANBgkqhkiG
9w0BAQQFAAOCAQEAdyIcMTob7TVkelfJ7+I1j0LO24UlKvbLzd2OPvcFTCv6fVHx
Ejk0QxaZXJhreZ6+rIdiMXrEzlRdJEsNMxtDW8++sVp6avoB5EX1y3ez+CEAIL4g
cjvKZUR4dMryWshWIBHKFFul+r7urUgvWI12KbMeE9KP+kiiiiTskLcKgFzngw1J
selmHhTcTCrcDocn5yO2+d3dog52vSOtVFDBsBuvDixO2hv679JR6Hlqjtk4GExp
E9iVI0wdPE038uQIJJTXlhsMMLvUGVh/c0ReJBn92Vj4dI/yy6PtY/8ncYLYNkjg
oVN0J/ymOktn9lTlFyTiuY4OuJsZRO1+zWLy9g==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</saml:SubjectConfirmationData>
</saml:SubjectConfirmation>
</saml:Subject>
The above sample assertion can be found in the following link here.
There was another question on SO here about adding the certificate in the Signature rather than in the Subject tag; which is the correct one to follow?
Another question is how to generate the value of the certificate: is this based on any particular .crt file?
Upvotes: 0
Views: 734
Reputation: 5595
How fun that you ask, I wrote a blog post on the subject just a couple of weeks ago. Basically you create a KeyInfoGenerator using X509KeyInfoGeneratorFactory
X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
x509Factory.setEmitEntityCertificate(true); // defaults to false; without it generate() emits no ds:X509Certificate
KeyInfoGenerator generator = x509Factory.newInstance();
Then you use the generator to create KeyInfo
// credentials: an org.opensaml.xml.security.x509.X509Credential, e.g. a BasicX509Credential with the subject's certificate set
KeyInfo keyinfo = generator.generate(credentials);
Upvotes: 1
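Putting the answer's KeyInfo generator together with the holder-of-key Subject the question is after, here is an added example; it is not code from the question, the answer or the OpenSAML project. It assumes OpenSAML 2.x on the classpath (the org.opensaml.saml2.core and Joda DateTime API the question uses); the class and method names HolderOfKeySubjectExample, parseCertificate, build and buildHolderOfKeySubject are mine, and the embedded certificate is the one copied from the sample assertion in the question. Two points the thread leaves open: the ds:KeyInfo inside ds:Signature identifies the issuer's signing key, while the ds:KeyInfo inside SubjectConfirmationData identifies the subject's own key that a holder-of-key relying party will demand proof of, so they are different things and the holder-of-key case needs the latter (in an assertion that is normally also signed); and the ds:X509Certificate text is simply the base64 of the certificate's DER encoding, which is what a PEM .crt file already contains between its BEGIN/END lines.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import javax.xml.namespace.QName;

import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.SAMLObject;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.saml2.core.KeyInfoConfirmationDataType;
import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.Element;

// Added example (not the question's, the answer's or OpenSAML's code): builds a SAML 2.0
// Subject with a holder-of-key SubjectConfirmation whose SubjectConfirmationData carries
// the subject's certificate in ds:KeyInfo/ds:X509Data/ds:X509Certificate. OpenSAML 2.x API.
public class HolderOfKeySubjectExample {

    // Base64 DER of the principal's certificate, copied from the sample assertion in the question.
    static final String SUBJECT_CERT_B64 =
          "MIICiDCCAXACCQDE+9eiWrm62jANBgkqhkiG9w0BAQQFADBFMQswCQYDVQQGEwJV"
        + "UzESMBAGA1UEChMJTkNTQS1URVNUMQ0wCwYDVQQLEwRVc2VyMRMwEQYDVQQDEwpT"
        + "UC1TZXJ2aWNlMB4XDTA2MDcxNzIwMjE0MVoXDTA2MDcxODIwMjE0MVowSzELMAkG"
        + "A1UEBhMCVVMxEjAQBgNVBAoTCU5DU0EtVEVTVDENMAsGA1UECxMEVXNlcjEZMBcG"
        + "A1UEAwwQdHJzY2F2b0B1aXVjLmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC"
        + "gYEAv9QMe4lRl3XbWPcflbCjGK9gty6zBJmp+tsaJINM0VaBaZ3t+tSXknelYife"
        + "nCc2O3yaX76aq53QMXy+5wKQYe8Rzdw28Nv3a73wfjXJXoUhGkvERcscs9EfIWcC"
        + "g2bHOg8uSh+Fbv3lHih4lBJ5MCS2buJfsR7dlr/xsadU2RcCAwEAATANBgkqhkiG"
        + "9w0BAQQFAAOCAQEAdyIcMTob7TVkelfJ7+I1j0LO24UlKvbLzd2OPvcFTCv6fVHx"
        + "Ejk0QxaZXJhreZ6+rIdiMXrEzlRdJEsNMxtDW8++sVp6avoB5EX1y3ez+CEAIL4g"
        + "cjvKZUR4dMryWshWIBHKFFul+r7urUgvWI12KbMeE9KP+kiiiiTskLcKgFzngw1J"
        + "selmHhTcTCrcDocn5yO2+d3dog52vSOtVFDBsBuvDixO2hv679JR6Hlqjtk4GExp"
        + "E9iVI0wdPE038uQIJJTXlhsMMLvUGVh/c0ReJBn92Vj4dI/yy6PtY/8ncYLYNkjg"
        + "oVN0J/ymOktn9lTlFyTiuY4OuJsZRO1+zWLy9g==";

    // A ds:X509Certificate value is the base64 of the certificate's DER bytes, i.e. a PEM
    // .crt file with its BEGIN/END lines removed; CertificateFactory parses that DER.
    static X509Certificate parseCertificate(String base64Der) throws Exception {
        byte[] der = Base64.getDecoder().decode(base64Der);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
    }

    // Helper (mine): look up the builder registered for a QName and build one object.
    static SAMLObject build(XMLObjectBuilderFactory bf, QName name) {
        return ((SAMLObjectBuilder<?>) bf.getBuilder(name)).buildObject();
    }

    static Subject buildHolderOfKeySubject(X509Certificate subjectCert) throws Exception {
        XMLObjectBuilderFactory bf = Configuration.getBuilderFactory();

        // NameID in X509SubjectName format, taken from the certificate's subject DN.
        NameID nameId = (NameID) build(bf, NameID.DEFAULT_ELEMENT_NAME);
        nameId.setFormat(NameID.X509_SUBJECT);
        nameId.setValue(subjectCert.getSubjectX500Principal().getName());

        // ds:KeyInfo describing the SUBJECT's key (the holder-of-key proof key), not the
        // issuer's signing key. emitEntityCertificate is false by default.
        BasicX509Credential subjectCredential = new BasicX509Credential();
        subjectCredential.setEntityCertificate(subjectCert);
        X509KeyInfoGeneratorFactory x509Factory = new X509KeyInfoGeneratorFactory();
        x509Factory.setEmitEntityCertificate(true);
        KeyInfo keyInfo = x509Factory.newInstance().generate(subjectCredential);

        // The KeyInfoConfirmationDataType builder is registered under its xsi:type QName
        // (TYPE_NAME); its DEFAULT_ELEMENT_NAME is the same QName as a plain
        // SubjectConfirmationData, so getBuilder(DEFAULT_ELEMENT_NAME) returns the plain builder.
        KeyInfoConfirmationDataType confData =
            (KeyInfoConfirmationDataType) build(bf, KeyInfoConfirmationDataType.TYPE_NAME);
        DateTime now = new DateTime();
        confData.setNotBefore(now);
        confData.setNotOnOrAfter(now.plusMinutes(2));
        confData.getKeyInfos().add(keyInfo);

        SubjectConfirmation confirmation =
            (SubjectConfirmation) build(bf, SubjectConfirmation.DEFAULT_ELEMENT_NAME);
        confirmation.setMethod(SubjectConfirmation.METHOD_HOLDER_OF_KEY);
        confirmation.setSubjectConfirmationData(confData);

        Subject subject = (Subject) build(bf, Subject.DEFAULT_ELEMENT_NAME);
        subject.setNameID(nameId);
        subject.getSubjectConfirmations().add(confirmation);
        return subject;
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders/marshallers and the XML Security provider
        Subject subject = buildHolderOfKeySubject(parseCertificate(SUBJECT_CERT_B64));
        Element dom = Configuration.getMarshallerFactory().getMarshaller(subject).marshall(subject);
        System.out.println(XMLHelper.prettyPrintXML(dom));
    }
}
```

Run with the OpenSAML 2.x jars on the classpath. The printed Subject matches the target in the question except that OpenSAML also puts xsi:type="saml2:KeyInfoConfirmationDataType" on the SubjectConfirmationData element; that is the type the holder-of-key profile uses and it is what lets OpenSAML unmarshal the KeyInfo back into a KeyInfoConfirmationDataType on the receiving side. To use your own subject certificate, replace the embedded base64 with the body of your .crt file, or read the file with CertificateFactory directly.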