Development #10155

Ability to set the "DigestMethod" of a saml response

Added by Brett Gardner over 8 years ago. Updated about 6 years ago.

Status: Closed
Priority: Normal
Category: -
Target version:
Start date: 02 March 2016
Due date:
% Done: 100%
Estimated time:
Patch proposed: No
Planning:

Description

When building a signed SAML response, there is no way to set the "DigestMethod" of the signature to SHA256. It defaults to SHA1.

Attached is a test case; note this is the same test case as issue 10154, hence the name "lasso-bug.tar.bz2".


<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <Reference URI="#_A7F3AF0951AD63AB216597DE5743EC91">
      <Transforms>
        <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      </Transforms>
      *<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>*
      <DigestValue>...</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>...</SignatureValue>
  <KeyInfo>
    <X509Data>
      <X509Certificate>...</X509Certificate>
    </X509Data>
  </KeyInfo>
</Signature>


Files

lasso-bug.tar.bz2 (11.3 KB) Brett Gardner, 02 March 2016 12:55 AM

Associated revisions

Revision 95252372 (diff)
Added by Benjamin Dauvergne over 8 years ago

Choose the Reference transform based on the chosen Signature transform (fixes #10155)

i.e. if the signature uses SHA2 then use SHA2 of the same strength for digesting
references.
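
The mismatch reported in this issue, and the rule the commit message above describes (a reference digest of the same strength as the signature hash), can be checked on any signed SAML message. The following is an added example, not code from Lasso or from this ticket; the function name `audit_signatures`, the `MATCHING_DIGEST` table and the sample reference ID are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
ENC = "http://www.w3.org/2001/04/xmlenc#"
NS = {"ds": DS}

# SignatureMethod URI -> DigestMethod URI of the same hash strength
# (standard XML-DSig algorithm identifiers; RSA only, to keep the example short).
MATCHING_DIGEST = {
    DS + "rsa-sha1": DS + "sha1",
    MORE + "rsa-sha256": ENC + "sha256",
    MORE + "rsa-sha384": MORE + "sha384",
    MORE + "rsa-sha512": ENC + "sha512",
}


def audit_signatures(xml_text):
    """Return one finding per Reference whose DigestMethod does not match
    the hash of its SignatureMethod (or whose SignatureMethod is unknown)."""
    findings = []
    for sig in ET.fromstring(xml_text).iter(f"{{{DS}}}Signature"):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        sig_uri = method.get("Algorithm") if method is not None else None
        expected = MATCHING_DIGEST.get(sig_uri)
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            dm = ref.find("ds:DigestMethod", NS)
            digest = dm.get("Algorithm") if dm is not None else None
            if expected is None or digest != expected:
                findings.append({"reference": ref.get("URI"), "signature": sig_uri,
                                 "digest": digest, "expected": expected})
    return findings


# Constructed sample with the shape reported in this issue: SHA-256 signature, SHA-1 digest.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="#_constructed-id">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>...</DigestValue>
</Reference></SignedInfo><SignatureValue>...</SignatureValue></Signature>"""

if __name__ == "__main__":
    for finding in audit_signatures(SAMPLE):
        print(finding)
```

The check only compares algorithm identifiers; it does not verify the signature or the digest values.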

History

#1

Updated by Benjamin Dauvergne over 8 years ago

  • Status changed from New to Rejected

LassoServer structure has a signature_method field for this.

#2

Updated by Brett Gardner over 8 years ago

I don't want to set the SignatureMethod to SHA256; I'm already doing this. I want to set the DigestMethod.

#3

Updated by Benjamin Dauvergne over 8 years ago

  • Status changed from Rejected to New

It's not handled currently, please provide a patch.

#4

Updated by Benjamin Dauvergne over 8 years ago

  • Status changed from New to Resolved (to be deployed)
  • % Done changed from 0 to 100

#5

Updated by Benjamin Dauvergne over 8 years ago

  • Assignee set to Benjamin Dauvergne

#6

Updated by Benjamin Dauvergne over 8 years ago

  • Target version set to 318

#7

Updated by Benjamin Dauvergne about 6 years ago

  • Target version changed from 318 to 2.6.0

#8

Updated by Benjamin Dauvergne about 6 years ago

  • Status changed from Resolved (to be deployed) to Closed
