Metadata driven override of encryption algorithm

Wessel, Keith kwessel at illinois.edu
Wed Jan 27 22:49:40 UTC 2021


This is awesome, Scott! Sorry, I never thought to check for a metadata filter to do this. Much simpler than my solution. Thank you!

Keith


-----Original Message-----
From: users <users-bounces at shibboleth.net> On Behalf Of Cantor, Scott
Sent: Wednesday, January 27, 2021 4:25 PM
To: Shib Users <users at shibboleth.net>
Subject: Re: Metadata driven override of encryption algorithm

On 1/27/21, 4:44 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:

>    I have an SP's metadata from our local federation that doesn't include an encryption algorithm element but needs to.

https://wiki.shibboleth.net/confluence/display/IDP4/AlgorithmFilter

>    Using a method similar to what we used to use for forcing SHA1 signing, I know I can create a bean that overrides the default encryption configuration used in the DefaultSecurityConfiguration bean. I can then, in relying-party.xml, apply this bean to an RP using a p:securityConfiguration-ref property on the relevant profile.

You can, but I wouldn't; the Algorithm filter is a more direct way to do it.

-- Scott

