...
The SHA versions supported by OpenSAML and CXF can be specified in saml.properties in the CONNECT properties directory. Multiple versions can be listed, but a default must also be specified; the default can be overridden in the entity request (described in the Overriding default SHA version section below). Make sure each comma in the property values is preceded by a backslash, as in the sample entries from saml.properties below:
...
```
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512\,ALGO_ID_SIGNATURE_RSA_SHA1\,ALGO_ID_SIGNATURE_RSA_SHA256
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512\,ALGO_ID_DIGEST_SHA1\,ALGO_ID_DIGEST_SHA256
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA1
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA1
```
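A pre-deployment check for these entries, added here as an example and not part of CONNECT: it verifies that each list escapes its commas, that each default is a member of its own list, and it reports a SHA-1 default for review. The names `parse`, `lint` and `PAIRS` are hypothetical, the parser is a simplified key=value reader rather than a full Java properties parser, and the sample input is constructed.

```python
import re

# Constructed sample modelled on the page's entries; the digest list has an unescaped comma.
SAMPLE = r"""
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512\,ALGO_ID_SIGNATURE_RSA_SHA1\,ALGO_ID_SIGNATURE_RSA_SHA256
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512,ALGO_ID_DIGEST_SHA256
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA1
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA1
"""

PAIRS = {  # list key -> key that holds its default
    "saml.signatureAlgorithms": "saml.defaultSignatureAlgorithm",
    "saml.digestAlgorithms": "saml.defaultDigestAlgorithm",
}

def parse(text):
    """Return {key: raw value} for key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings for the algorithm lists and their defaults."""
    props, findings = parse(text), []
    for list_key, default_key in PAIRS.items():
        raw = props.get(list_key, "")
        if re.search(r"(?<!\\),", raw):  # a comma with no backslash before it
            findings.append(f"{list_key}: comma not escaped with a backslash")
        allowed = [a.strip() for a in re.split(r"\\?,", raw) if a.strip()]
        default = props.get(default_key)
        if not allowed:
            findings.append(f"{list_key}: no algorithms listed")
        if default is None:
            findings.append(f"{default_key}: no default specified")
        elif default not in allowed:
            findings.append(f"{default_key}: {default} is not in {list_key}")
        # SHA-1 is deprecated for digital signatures, so a SHA-1 default deserves review.
        if default and default.endswith("SHA1"):
            findings.append(f"{default_key}: default is SHA-1")
    return findings
```

Run against the sample entries shown above, `lint` reports only the two SHA-1 defaults.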
Once the list of allowable SHA versions and a default have been specified, a specific version from the allowable list can be specified in the entity request. An example algorithm override follows:
...
```
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512\,ALGO_ID_SIGNATURE_RSA_SHA1\,ALGO_ID_SIGNATURE_RSA_SHA256
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512\,ALGO_ID_DIGEST_SHA1\,ALGO_ID_DIGEST_SHA256
```
...