Metadata driven override of encryption algorithm
Cantor, Scott
cantor.2 at osu.edu
Wed Jan 27 22:24:30 UTC 2021
On 1/27/21, 4:44 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> I have an SP's metadata from our local federation that doesn't include an encryption algorithm element but needs to.
https://wiki.shibboleth.net/confluence/display/IDP4/AlgorithmFilter
> Using a method similar to what we used to use for forcing SHA1 signing, I know I can create a bean that overrides the
> default encryption configuration used in the DefaultSecurityConfiguration bean. I can then, in relying-party.xml, apply this
> bean to an RP using a p:securityConfiguration-ref property on the relevant profile.
You can, but I wouldn't, the Algorithm filter is a more direct way to do it.
-- Scott
More information about the users
mailing list