...
SHA versions supported by OpenSAML and CXF can be specified in saml.properties in the CONNECT properties directory:
saml.digestAlgorithms - comma-separated list of SignatureConstants names or URIs of the digest algorithms to support
saml.signatureAlgorithms - comma-separated list of SignatureConstants names or URIs of the signature algorithms to support
saml.defaultDigestAlgorithm - default digest algorithm to use if an override is not provided in the entity message. Defaults to SHA1 if not set.
saml.defaultSignatureAlgorithm - default signature algorithm to use if an override is not provided in the entity message. Defaults to RSA-SHA1 if not set.
Example saml.properties settings:
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA512
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA512
Overriding default SHA version
An example algorithm override follows:
<urn1:signatureAlgorithm>http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</urn1:signatureAlgorithm>
<urn1:digestAlgorithm>http://www.w3.org/2001/04/xmlenc#sha512</urn1:digestAlgorithm>
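As an added example (not CONNECT's or OpenSAML's own code), the following Python resolves the effective digest and signature algorithm from the saml.* properties above and an optional per-message override like the one just shown. It assumes the ALGO_ID_* names are OpenSAML SignatureConstants (the URI table is a constructed subset), and the rule that an override outside the configured allow-list is rejected is this example's policy, not a documented CONNECT behaviour.

```python
# Added example, not CONNECT code: resolve SAML algorithm from saml.properties + override.
# Subset of OpenSAML SignatureConstants names mapped to their XML DSig URIs.
SIGNATURE_CONSTANTS = {
    "ALGO_ID_SIGNATURE_RSA_SHA1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "ALGO_ID_SIGNATURE_RSA_SHA512": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    "ALGO_ID_DIGEST_SHA1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "ALGO_ID_DIGEST_SHA512": "http://www.w3.org/2001/04/xmlenc#sha512",
}
# Fallbacks the page states for an unset saml.default*Algorithm property.
FALLBACK = {"digest": "ALGO_ID_DIGEST_SHA1", "signature": "ALGO_ID_SIGNATURE_RSA_SHA1"}
# Constructed saml.properties content mirroring the page's example settings.
SAMPLE_PROPERTIES = """
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA512
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA512
"""

def parse_properties(text):
    """Minimal key=value parser; blank lines and '#' comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def to_uri(token):
    """Accept either a SignatureConstants name or a literal algorithm URI."""
    return SIGNATURE_CONSTANTS.get(token, token)

def allowed_uris(props, kind):
    """URIs listed in saml.digestAlgorithms or saml.signatureAlgorithms."""
    raw = props.get(f"saml.{kind}Algorithms", "")
    return {to_uri(t.strip()) for t in raw.split(",") if t.strip()}

def is_permitted(props, kind, uri):
    """Usable only if the allow-list is empty (nothing configured) or contains it."""
    allowed = allowed_uris(props, kind)
    return not allowed or uri in allowed

def resolve_algorithm(props, kind, override=None):
    """kind is 'digest' or 'signature'; override is the URI from the entity message."""
    default = props.get(f"saml.default{kind.capitalize()}Algorithm", FALLBACK[kind])
    chosen = to_uri(override or default)
    if not is_permitted(props, kind, chosen):
        raise ValueError(f"{kind} algorithm {chosen} is not in saml.{kind}Algorithms")
    return chosen
```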
Responding gateways
All versions specified in the saml.* properties can be accepted by a responding CONNECT gateway.