Metadata driven override of encryption algorithm

Wessel, Keith kwessel at
Wed Jan 27 22:49:40 UTC 2021

This is awesome, Scott! Sorry, I never thought to check for a metadata filter to do this. Much simpler than my solution. Thank you!


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Wednesday, January 27, 2021 4:25 PM
To: Shib Users <users at>
Subject: Re: Metadata driven override of encryption algorithm

On 1/27/21, 4:44 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

>    I have an SP's metadata from our local federation that doesn't include an encryption algorithm element but needs to.

>    Using a method similar to what we used to use for forcing SHA1 signing, I know I can create a bean that overrides the default encryption configuration used in the DefaultSecurityConfiguration bean. I can then, in relying-party.xml, apply this bean to an RP using a p:securityConfiguration-ref property on the relevant profile.

You can, but I wouldn't; the Algorithm filter is a more direct way to do it.

-- Scott

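An added illustration of the Algorithm metadata filter named in the reply above; it is not part of either message and not the posters' own configuration. The entityID and the algorithm URI are assumed placeholders, and the filter is assumed to sit inside the MetadataProvider in metadata-providers.xml that loads the federation's metadata.

```xml
<!-- Added example, not from the thread.
     Attaches an EncryptionMethod to the encryption keys in the named SP's
     metadata at load time, so the IdP selects that algorithm for this SP
     only. The deployment-wide default security configuration is untouched
     and relying-party.xml needs no per-RP securityConfiguration-ref. -->
<MetadataFilter xsi:type="Algorithm"
                xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata">

    <!-- Placeholder algorithm: use the one the SP actually supports. -->
    <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" />

    <!-- Placeholder entityID: list only the SPs that need the override,
         so every other SP keeps the IdP's default algorithm. -->
    <Entity>https://sp.example.org/shibboleth</Entity>

</MetadataFilter>
```

Scoping the filter to named entities keeps the exception auditable in one place and easy to remove once the SP publishes its own EncryptionMethod.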
