Can shibboleth send dsa-sha1 signatures?

Matheesha Weerasinghe matheesha at gmail.com
Fri Jul 25 08:14:54 EDT 2014


Hi guys

I want to do a quick test against AD FS by getting a Shibboleth SP to send
a signed AuthnRequest with a signature using the sigalg
http://www.w3.org/2000/09/xmldsig#dsa-sha1.

I've tested as per
https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPRelyingParty
by adding a signingAlg="http://www.w3.org/2000/09/xmldsig#dsa-sha1" in the
<relyingparty> and <ApplicationOverride> elements. This however now doesn't
send a signed request at all. I just have signing="true" in both of them.

But if I change it to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
instead it works and uses that sigalg.

So I am not sure if there is something else I have to do here. I had a
quick scan of the logs but didn't see any clues. I thought it might be
deemed weak and filtered out but I couldn't see any evidence for that.

I am running Shib SP 2.5.3 on Windows Server 2008 R2. This was installed
from an MSI.

Cheers

M