  1. Nuxeo Platform
  2. NXP-28450

Allow configuration of Signature Algorithm for SAML

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF43, 11.5, 2021.2
    • Component/s: SAML
    • Release Notes Summary:
      The Signature Algorithm for SAML is configurable.
    • Release Notes Description:

      To configure a signature algorithm for SAML, add a SignatureAlgorithm entry to the plugin <parameters>, for instance:

      <parameter name="SignatureAlgorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</parameter>
      

      The signature algorithms are defined by the various SAML and XML specs, in particular RFC 6931. If an algorithm unknown to the current library has to be used, the following more verbose syntax that includes the explicit JCA/JCE key algorithm specifier (RSA in this example) may be used:

      <parameter name="SignatureAlgorithm.RSA">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</parameter>
      

      In the same way it's possible to define a digest algorithm with the DigestAlgorithm parameter:

      <parameter name="DigestAlgorithm">http://www.w3.org/2001/04/xmlenc#sha256</parameter>
      

      Consult the normative documents, such as W3C XML Encryption, for the algorithm identifiers.
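
An added example, not part of the Nuxeo code base or the original ticket: a small Python audit of a plugin <parameters> block that flags SHA-1 or MD5 based identifiers and a SignatureAlgorithm.<key> suffix that does not match the URI. The sample block and the mapping from JCA key algorithm name to URI prefix are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real deployment: a plugin <parameters> block that
# uses the parameter names described on this page.
SAMPLE = """
<parameters>
  <parameter name="SignatureAlgorithm.RSA">http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256</parameter>
  <parameter name="SignatureAlgorithm">http://www.w3.org/2000/09/xmldsig#rsa-sha1</parameter>
  <parameter name="DigestAlgorithm">http://www.w3.org/2001/04/xmlenc#sha256</parameter>
</parameters>
"""

WEAK_HASHES = ("sha1", "md5")  # hash suffixes of deprecated XML-DSig identifiers
# Assumption: JCA key algorithm name -> prefix of the matching signature URI fragment.
KEY_PREFIXES = {"RSA": "rsa-", "DSA": "dsa-", "EC": "ecdsa-"}


def audit_parameters(xml_text):
    """Return (parameter name, finding) tuples for the SAML algorithm parameters."""
    findings, seen = [], set()
    for param in ET.fromstring(xml_text).iter("parameter"):
        name = param.get("name", "")
        base, _, key_alg = name.partition(".")
        if base not in ("SignatureAlgorithm", "DigestAlgorithm"):
            continue
        seen.add(base)
        uri = (param.text or "").strip()
        fragment = uri.rpartition("#")[2].lower()
        if not uri:
            findings.append((name, "empty value"))
            continue
        if fragment.endswith(WEAK_HASHES):
            findings.append((name, "weak hash in " + fragment))
        expected = KEY_PREFIXES.get(key_alg.upper())
        if base == "SignatureAlgorithm" and expected and not fragment.startswith(expected):
            findings.append((name, "key algorithm %s does not match %s" % (key_alg, fragment)))
    for missing in sorted({"SignatureAlgorithm", "DigestAlgorithm"} - seen):
        findings.append((missing, "not set, so the default algorithm is used"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_parameters(SAMPLE):
        print(name + ": " + finding)
```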

    • Tags:
    • Backlog priority:
      850

      Description

      Some customers need to benefit from the latest digest algorithm like SHA256 which is not supported by our default implementation.

      People

      • Votes: 1
      • Watchers: 5

      Dates

      • Created:
      • Updated:
      • Resolved:

      Time Tracking

      • Original Estimate: Not Specified
      • Remaining Estimate: 0 minutes
      • Time Spent: 2 days