AES256-CBC for encryption?
Cantor, Scott
cantor.2 at osu.edu
Fri May 10 18:24:45 EDT 2019
On 5/10/19, 6:12 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> Thanks, Scott. That explains why my encrypted assertion is still going as AES128. Yes, we do control the metadata. Is it as
> simple as just adding this to their metadata?
Yes.
> I don't have to make mention of any signing algorithms or anything else as long as they're good with our defaults,
> correct?
Yes, the algorithm extension overrides individual types of behavior by intersecting the IdP supported methods with the metadata, and no metadata just implies no preference and leaves the default behavior.
-- Scott
More information about the users
mailing list