Can't get SP3 to accept rsa1.5
Per-Ake Dahl Ejemark
perake.dahlejemark at holmedal.se
Fri Sep 21 03:55:17 EDT 2018
This seems to be a recurring problem. I need to whitelist rsa1.5 and I have followed the instructions that I've found, and nothing works.
Yes, I know that it is a weak algorithm but the IDP has decided to use this and I have no means whatsoever to make him change this so let's leave the discussions of whether to use rsa1.5 or not please.
The shibd.log says this.
2018-09-21 09:42:32 WARN XMLTooling.Decrypter [16] [default]: XMLSecurity exception while decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI http://www.w3.org/2001/04/xmlenc#rsa-1_5 disallowed by whitelist/blacklist policy
2018-09-21 09:42:32 WARN XMLTooling.Decrypter [16] [default]: unable to decrypt key, generating random key for defensive purposes
2018-09-21 09:42:32 ERROR Shibboleth.SSO.SAML2 [16] [default]: failed to decrypt assertion: XMLSecurity exception while decrypting: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block
I have tried the following.
<AlgorithmBlacklist includeDefaultBlacklist="false"/> This doesn't work
Tried to whitelist it
<AlgorithmWhitelist>http://www.w3.org/2001/04/xmlenc#rsa-1_5</AlgorithmWhitelist> This doesn't work
I have searched the documentation for a solution but found nothing. I have searched the net and found no solution.
Am I missing something obvious here?
The project I'm currently working on really depends on this.
Best regards/ Med Vänliga Hälsningar
Per-Åke Dahl Ejemark
System Developer
Holmedal Data AB
Flintvägen 4 | 269 41 Östra Karup | Sweden
Tel: +46 (0)431- 686 55
E-mail: perake.dahlejemark at holmedal.se
WebEx: https://trapezegroup.webex.com/meet/perake.dahlejemark
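Added example, not part of the original post and not Shibboleth code: a small triage script that ties the three shibd.log lines quoted above into one event per thread, showing that the "Out of range padding value" error is the downstream result of the algorithm policy rejection and the defensive random key rather than a separate fault. The line layout is inferred from the quoted excerpt, and the fourth sample line and all function names are constructed for illustration.

```python
import re

# Layout inferred from the post: date time LEVEL category [thread] [app]: message
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (?P<level>[A-Z]+) "
    r"(?P<cat>\S+) \[(?P<tid>\d+)\] \[(?P<app>[^\]]*)\]: (?P<msg>.*)$"
)
POLICY = re.compile(r"URI (?P<uri>\S+) disallowed by whitelist/blacklist policy")
FALLBACK = "generating random key for defensive purposes"
FAILED = "failed to decrypt assertion"


def triage(lines):
    """Return one event per policy rejection, with its follow-up lines on the same thread."""
    open_events = {}  # (thread, app) -> event still waiting for follow-up lines
    events = []
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that do not follow the layout above
        key = (m["tid"], m["app"])
        hit = POLICY.search(m["msg"])
        if hit:
            ev = {"ts": m["ts"], "thread": m["tid"], "app": m["app"],
                  "uri": hit["uri"], "random_key": False, "assertion_failed": False}
            open_events[key] = ev
            events.append(ev)
        elif key in open_events:
            if FALLBACK in m["msg"]:
                open_events[key]["random_key"] = True
            elif FAILED in m["msg"]:
                open_events[key]["assertion_failed"] = True
                del open_events[key]  # chain complete for this thread
    return events


# First three lines are the ones quoted in the post; the last one is constructed.
SAMPLE = [
    "2018-09-21 09:42:32 WARN XMLTooling.Decrypter [16] [default]: XMLSecurity exception while decrypting key: XSECAlgorithmMapper::mapURIToHandler - URI http://www.w3.org/2001/04/xmlenc#rsa-1_5 disallowed by whitelist/blacklist policy",
    "2018-09-21 09:42:32 WARN XMLTooling.Decrypter [16] [default]: unable to decrypt key, generating random key for defensive purposes",
    "2018-09-21 09:42:32 ERROR Shibboleth.SSO.SAML2 [16] [default]: failed to decrypt assertion: XMLSecurity exception while decrypting: OpenSSL:SymmetricKey::decryptFinish - Out of range padding value in final block",
    "2018-09-21 09:42:33 INFO Example.Category [17] [default]: constructed unrelated line",
]

if __name__ == "__main__":
    for ev in triage(SAMPLE):
        print(ev)
```

An event with both `random_key` and `assertion_failed` set means the setting to look at is the algorithm policy named in `uri`, not the key material or the padding.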