Metadata driven override of encryption algorithm

Cantor, Scott cantor.2 at
Wed Jan 27 22:24:30 UTC 2021

On 1/27/21, 4:44 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>    I have an SP's metadata from our local federation that doesn't include an encryption algorithm element but needs to.

>    Using a method similar to what we used to use for forcing SHA1 signing, I know I can create a bean that overrides the
> default encryption configuration used in the DefaultSecurityConfiguration bean. I can then, in relying-party.xml, apply this
> bean to an RP using a p:securityConfiguration-ref property on the relevant profile.

You can, but I wouldn't, the Algorithm filter is a more direct way to do it.

-- Scott

More information about the users mailing list