Metadata driven override of encryption algorithm
kwessel at illinois.edu
Wed Jan 27 21:44:31 UTC 2021
I have an SP's metadata from our local federation that doesn't include an encryption algorithm element but needs to. The raw XML file from the vendor includes one different than our default, but our metadata generation for our local federation doesn't currently support adding <EncryptionMethod> elements. I'd like to address this for now using a metadata-driven config.
Using a method similar to what we used to use for forcing SHA1 signing, I know I can create a bean that overrides the default encryption configuration used in the DefaultSecurityConfiguration bean. I can then, in relying-party.xml, apply this bean to an RP using a p:securityConfiguration-ref property on the relevant profile.
Are there corresponding metadata tags that I could add to my metadata-providers.xml to do this? Something like http://shibboleth.net/ns/profiles/securityConfiguration-ref where I could pass in the name of my encryption override bean as the value?
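The gap described in this message can be confirmed by comparing the vendor's raw metadata with the federation-generated copy. The following is an added example, not part of the original post or of Shibboleth; the entityID and the algorithm URI in the sample documents are constructed, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET  # for files from untrusted sources, prefer defusedxml

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

def encryption_methods(metadata_xml):
    """Map entityID -> sorted EncryptionMethod algorithms on encryption-capable SP keys."""
    root = ET.fromstring(metadata_xml)
    result = {}
    # iter() also yields the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor aggregate are both handled.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        algs = set()
        for kd in entity.iterfind("md:SPSSODescriptor/md:KeyDescriptor", NS):
            # A KeyDescriptor with no "use" attribute applies to signing and encryption.
            if kd.get("use") in (None, "encryption"):
                for method in kd.iterfind("md:EncryptionMethod", NS):
                    if method.get("Algorithm"):
                        algs.add(method.get("Algorithm"))
        result[entity.get("entityID")] = sorted(algs)
    return result

def dropped_methods(vendor_xml, federation_xml):
    """Algorithms the vendor metadata advertises that the federation copy lost."""
    fed = encryption_methods(federation_xml)
    dropped = {}
    for eid, algs in encryption_methods(vendor_xml).items():
        missing = [a for a in algs if a not in fed.get(eid, [])]
        if missing:
            dropped[eid] = missing
    return dropped

# Constructed sample metadata (entityID and algorithm are assumptions; KeyInfo omitted).
_TEMPLATE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">%s</md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""
VENDOR = _TEMPLATE % '<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>'
FEDERATION = _TEMPLATE % ""

if __name__ == "__main__":
    print(dropped_methods(VENDOR, FEDERATION))
```

An SP that appears in the result is one where the IdP will fall back to its default encryption algorithm unless an override is configured.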