...

The SHA versions supported by OpenSAML and CXF can be specified in saml.properties in the CONNECT properties directory. Multiple versions can be specified, but a default must also be specified; the default can be overridden in the entity request (described in the Overriding default SHA version section below). Make sure each comma in a property value is escaped with a backslash (\,). See the sample entries in saml.properties.

  • saml.digestAlgorithms - comma-separated list of SignatureConstants/URIs of the desired digest algorithms to support.
  • saml.signatureAlgorithms - comma-separated list of SignatureConstants/URIs of the desired signature algorithms to support.
  • saml.defaultDigestAlgorithm - default digest algorithm to use if an override is not provided in the entity message. Defaults to SHA1 if not set.
  • saml.defaultSignatureAlgorithm - default signature algorithm to use if an override is not provided in the entity message. Defaults to RSA-SHA1 if not set.

...

Sample saml.properties SHA version configuration:
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512\,ALGO_ID_SIGNATURE_RSA_SHA1\,ALGO_ID_SIGNATURE_RSA_SHA256
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512\,ALGO_ID_DIGEST_SHA1\,ALGO_ID_DIGEST_SHA256
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA512SHA1
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA512SHA1
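
A configuration check for the four properties above, added here as an example and not part of CONNECT: it confirms that each default appears in its supported list and reports SHA-1 entries or an unset default, which falls back to SHA1 / RSA-SHA1 as described above. The function names, the constructed sample input, and the treatment of `\,` as a plain comma are assumptions.

```python
# Added example: lint for the saml.properties SHA settings described above.
# Maps each supported-list key to (default key, fallback used when the default is unset).
PAIRS = {
    "saml.signatureAlgorithms": ("saml.defaultSignatureAlgorithm", "RSA-SHA1"),
    "saml.digestAlgorithms": ("saml.defaultDigestAlgorithm", "SHA1"),
}

def parse_properties(text):
    """Minimal key=value parser; assumes an escaped comma means a plain comma."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip().replace("\\,", ",")
    return props

def is_sha1(name):
    """True for constant names or URIs that end in SHA1 / sha1 / SHA-1."""
    return name.lower().replace("-", "").replace("_", "").endswith("sha1")

def lint(text):
    props = parse_properties(text)
    findings = []
    for list_key, (default_key, fallback) in PAIRS.items():
        supported = [a.strip() for a in props.get(list_key, "").split(",") if a.strip()]
        default = props.get(default_key)
        if default is None:
            findings.append(f"{default_key} not set: falls back to {fallback}")
        else:
            if default not in supported:
                findings.append(f"{default_key}={default} is not listed in {list_key}")
            if is_sha1(default):
                findings.append(f"{default_key} uses SHA-1")
        weak = [a for a in supported if is_sha1(a)]
        if weak:
            findings.append(f"{list_key} includes SHA-1: {', '.join(weak)}")
    return findings

# Constructed sample input (not taken from a real deployment).
SAMPLE = r"""
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512\,ALGO_ID_SIGNATURE_RSA_SHA1\,ALGO_ID_SIGNATURE_RSA_SHA256
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512\,ALGO_ID_DIGEST_SHA256
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA512
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("WARN:", finding)
```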

Overriding default SHA version

...