Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-28450

Allow configuration of Signature Algorithm for SAML

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 10.10
    • Fix Version/s: 10.10-HF43, 11.5, 2021.2
    • Component/s: SAML
    • Release Notes Summary:
      The Signature Algorithm for SAML is configurable.
    • Release Notes Description:
      Hide

      To configure a signature algorithm for SAML, add a SignatureAlgorithm entry to the plugin <parameters>, for instance:

      <parameter name="SignatureAlgorithm">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</parameter>
      

      The signature algorithms are defined by the various SAML and XML specs, in particular RFC 6931. If an algorithm unknown to the current library has to be used, the following more verbose syntax that includes the explicit JCA/JCE key algorithm specifier (RSA in this example) may be used:

      <parameter name="SignatureAlgorithm.RSA">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</parameter>
      

      In the same way it's possible to define a digest algorithm with the DigestAlgorithm parameter:

      <parameter name="DigestAlgorithm">http://www.w3.org/2001/04/xmlenc#sha256</parameter>
      

      Consult the normative documents like W3C XML Encryption for the algorithms.

      Show
      To configure a signature algorithm for SAML, add a SignatureAlgorithm entry to the plugin <parameters> , for instance: <parameter name= "SignatureAlgorithm" > http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 </parameter> The signature algorithms are defined by the various SAML and XML specs, in particular RFC 6931 . If an algorithm unknown to the current library has to be used, the following more verbose syntax that includes the explicit JCA/JCE key algorithm specifier ( RSA in this example) may be used: <parameter name= "SignatureAlgorithm.RSA" > http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 </parameter> In the same way it's possible to define a digest algorithm with the DigestAlgorithm parameter: <parameter name= "DigestAlgorithm" > http://www.w3.org/2001/04/xmlenc#sha256 </parameter> Consult the normative documents like W3C XML Encryption for the algorithms.
    • Tags:
    • Backlog priority:
      850

      Description

      Some customers need to benefit from the latest digest algorithm like SHA256 which is not supported by our default implementation.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 days
                  2d

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.