Overview

CONNECT provides a basic feature to more easily select SHA versions to use for initiating and accepting requests. Available SHA versions are based on the versions supported by CXF and OpenSAML.

CXF and OpenSAML

The latest CONNECT release (5.2) leverages CXF 3.1.9 and OpenSAML 2.6.6.

Specifying SHA versions

SHA versions supported by OpenSAML and CXF can be specified in saml.properties in the CONNECT properties directory:

  • saml.digestAlgorithms - comma-separated list of SignatureConstants names or URIs for the digest algorithms to support

  • saml.signatureAlgorithms - comma-separated list of SignatureConstants names or URIs for the signature algorithms to support

  • saml.defaultDigestAlgorithm - default digest algorithm to use if an override is not provided in the entity message. Defaults to SHA1 if not set.

  • saml.defaultSignatureAlgorithm - default signature algorithm to use if an override is not provided in the entity message. Defaults to RSA-SHA1 if not set.

Sample saml.digestAlgorithms:
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA512

Sample saml.signatureAlgorithms:
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA512

Sample saml.defaultDigestAlgorithm:
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA512

Sample saml.defaultSignatureAlgorithm:
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA512

Overriding default SHA version

An example algorithm override follows:

<urn1:signatureAlgorithm>http://www.w3.org/2001/04/xmldsig-more#rsa-sha512</urn1:signatureAlgorithm>
<urn1:digestAlgorithm>http://www.w3.org/2001/04/xmlenc#sha512</urn1:digestAlgorithm>

Responding gateways

All versions specified in the saml.* properties can be accepted by a responding CONNECT gateway.
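The selection rules above (allow-lists, defaults, per-message override, and what a responding gateway accepts) as an added illustration in Python; this is not CONNECT's own code. The SignatureConstants name-to-URI table is an assumed subset of OpenSAML's constants, and the saml.properties content is constructed for the example.

```python
"""Resolve the effective SAML digest/signature algorithm from saml.properties:
an allow-list per kind, a default used when the entity message carries no
override, and an override that must fall inside the allow-list."""

# Assumed subset of OpenSAML's SignatureConstants, name -> URI.
SIGNATURE_CONSTANTS = {
    "ALGO_ID_DIGEST_SHA1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "ALGO_ID_DIGEST_SHA256": "http://www.w3.org/2001/04/xmlenc#sha256",
    "ALGO_ID_DIGEST_SHA512": "http://www.w3.org/2001/04/xmlenc#sha512",
    "ALGO_ID_SIGNATURE_RSA_SHA1": "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "ALGO_ID_SIGNATURE_RSA_SHA256": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "ALGO_ID_SIGNATURE_RSA_SHA512": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}
# Built-in defaults named on the page when no default property is set.
BUILTIN_DEFAULT = {"digest": "ALGO_ID_DIGEST_SHA1", "signature": "ALGO_ID_SIGNATURE_RSA_SHA1"}

# Constructed sample saml.properties: accept SHA-256 and SHA-512, prefer SHA-512.
SAMPLE_PROPERTIES = """
saml.digestAlgorithms=ALGO_ID_DIGEST_SHA256,ALGO_ID_DIGEST_SHA512
saml.signatureAlgorithms=ALGO_ID_SIGNATURE_RSA_SHA256, ALGO_ID_SIGNATURE_RSA_SHA512
saml.defaultDigestAlgorithm=ALGO_ID_DIGEST_SHA512
saml.defaultSignatureAlgorithm=ALGO_ID_SIGNATURE_RSA_SHA512
"""

def parse_properties(text):
    """Minimal key=value parser for a Java-style properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def to_uri(name_or_uri):
    """Accept either a SignatureConstants name or a bare algorithm URI."""
    return SIGNATURE_CONSTANTS.get(name_or_uri, name_or_uri)

def allowed(props, kind):
    """URIs a responding gateway accepts for kind 'digest' or 'signature'."""
    raw = props.get(f"saml.{kind}Algorithms", "")
    return {to_uri(n.strip()) for n in raw.split(",") if n.strip()}

def resolve(props, kind, override=None):
    """URI an initiating gateway uses: the override if allowed, else the default."""
    if override is not None:
        uri = to_uri(override)
        if uri not in allowed(props, kind):
            raise ValueError(f"{kind} override {uri} is not in the configured allow-list")
        return uri
    return to_uri(props.get(f"saml.default{kind.capitalize()}Algorithm", BUILTIN_DEFAULT[kind]))
```

With an empty properties file, resolve() falls back to SHA1 / RSA-SHA1 exactly as the page states, which is why a deployment should set the default properties explicitly.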