Support for SHA256?

Lukas Österreicher lukas.oesterreicher at inode.at
Wed Jun 5 06:39:04 EDT 2013


Hi.

I was wondering if opensaml can support signatures with SHA256withRSA
instead of SHA1withRSA.

I took a look at the detection of the SigAlg URL in BasicSecurityConfiguration
(using getSignatureAlgorithmURI which in turn is called (at least in
my case) HTTPRedirectDeflateEncoder.getSignatureAlgorithmURI) and it
appears the detection is just based on the Algorithm of the Key
which is just "RSA" in the typical case.
So it would not even allow distinguishing between hash algorithms.

On the other hand, when I just went ahead and used a SHA256withRSA
Signature my unit tests (covering SAML login and logout) ran through correctly.
Was SHA256 actually used and just the SigAlg parameter is incorrect?

Thanx in advance,
Lukas
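
One way to check which digest a redirect-binding signature was really made with, and whether it matches the declared SigAlg. This is an added example, not part of the original post and not OpenSAML code: it uses only the JDK's JCA classes, and the key pair, the SAMLRequest value and the class and method names are constructed for illustration.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class SigAlgCheck {
    // XML Signature algorithm URIs mapped to the JCA names that implement them.
    static final Map<String, String> URI_TO_JCA = new LinkedHashMap<>();
    static {
        URI_TO_JCA.put("http://www.w3.org/2000/09/xmldsig#rsa-sha1", "SHA1withRSA");
        URI_TO_JCA.put("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "SHA256withRSA");
    }

    /** Returns the URI of the algorithm under which sig verifies, or null if none does. */
    static String actualAlgorithm(PublicKey key, byte[] signed, byte[] sig)
            throws GeneralSecurityException {
        for (Map.Entry<String, String> e : URI_TO_JCA.entrySet()) {
            Signature v = Signature.getInstance(e.getValue());
            v.initVerify(key);
            v.update(signed);
            try {
                if (v.verify(sig)) return e.getKey();
            } catch (SignatureException ex) { /* not valid under this algorithm */ }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();            // constructed test key

        // Constructed redirect query: SigAlg declares rsa-sha1 ...
        String declared = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        String query = "SAMLRequest=" + URLEncoder.encode("ZmFrZQ==", "UTF-8")
                     + "&SigAlg=" + URLEncoder.encode(declared, "UTF-8");
        byte[] signed = query.getBytes(StandardCharsets.UTF_8);

        // ... but the signature over that string is produced with SHA256withRSA.
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(signed);
        byte[] sig = s.sign();

        String actual = actualAlgorithm(kp.getPublic(), signed, sig);
        System.out.println("declared SigAlg: " + declared);
        System.out.println("verifies under:  " + actual);
        System.out.println("mismatch:        " + !declared.equals(actual));
    }
}
```

A verifier that selects its algorithm from the SigAlg parameter would reject the constructed message above, so a test in which the same code both signs and verifies does not by itself show that the declared SigAlg is correct.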


