mirror of
https://github.com/keycloak/keycloak.git
synced 2025-12-30 19:39:55 -06:00
Deprecate SHA1 based algorithms for sign SAML documents and assertions
Closes #16240
This commit is contained in:
mposolda
@@ -693,7 +693,7 @@
|
||||
"attributes": {
|
||||
"saml.server.signature": "true",
|
||||
"saml.client.signature": "true",
|
||||
"saml.signature.algorithm": "RSA_SHA1",
|
||||
"saml.signature.algorithm": "RSA_SHA256",
|
||||
"saml.authnstatement": "true",
|
||||
"saml.signing.certificate": "MIIB0DCCATkCBgFJH5u0EDANBgkqhkiG9w0BAQsFADAuMSwwKgYDVQQDEyNodHRwOi8vbG9jYWxob3N0OjgwODAvZW1wbG95ZWUtc2lnLzAeFw0xNDEwMTcxOTMzNThaFw0yNDEwMTcxOTM1MzhaMC4xLDAqBgNVBAMTI2h0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9lbXBsb3llZS1zaWcvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+9kVgPFpshjS2aT2g52lqTv2lqb1jgvXZVk7iFF4LAO6SdCXKXRZI4SuzIRkVNpE1a42V1kQRlaozoFklgvX5sje8tkpa9ylq+bxGXM9RRycqRu2B+oWUV7Aqq7Bs0Xud0WeHQYRcEoCjqsFKGy65qkLRDdT70FTJgpSHts+gDwIDAQABMA0GCSqGSIb3DQEBCwUAA4GBACKyPLGqMX8GsIrCfJU8eVnpaqzTXMglLVo/nTcfAnWe9UAdVe8N3a2PXpDBvuqNA/DEAhVcQgxdlOTWnB6s8/yLTRuH0bZgb3qGdySif+lU+E7zZ/SiDzavAvn+ABqemnzHcHyhYO+hNRGHvUbW5OAii9Vdjhm8BI32YF1NwhKp"
|
||||
}
|
||||
|
||||
@@ -353,7 +353,7 @@ sign-documents-redirect-enable-key-info-ext.tooltip=When signing SAML documents
|
||||
sign-assertions=Sign Assertions
|
||||
sign-assertions.tooltip=Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.
|
||||
signature-algorithm=Signature Algorithm
|
||||
signature-algorithm.tooltip=The signature algorithm to use to sign documents.
|
||||
signature-algorithm.tooltip=The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'
|
||||
canonicalization-method=Canonicalization Method
|
||||
canonicalization-method.tooltip=Canonicalization Method for XML signatures.
|
||||
encrypt-assertions=Encrypt Assertions
|
||||
|
||||
Reference in New Issue
Block a user