From e374e309c65c4f229db077b127c98d990e00aeb8 Mon Sep 17 00:00:00 2001
From: mposolda
Date: Thu, 5 Jan 2023 11:51:00 +0100
Subject: [PATCH] Deprecate SHA1 based algorithms for sign SAML documents and assertions Closes #16240
---
 .../src/test/resources/adapter-test/keycloak-saml/testsaml.json | 2 +-
 .../theme/base/admin/messages/admin-messages_en.properties | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
index 8b4f721ffd0..ce2d03d4d73 100755
--- a/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
+++ b/testsuite/integration-arquillian/tests/base/src/test/resources/adapter-test/keycloak-saml/testsaml.json
@@ -693,7 +693,7 @@
 "attributes": {
 "saml.server.signature": "true",
 "saml.client.signature": "true",
- "saml.signature.algorithm": "RSA_SHA1",
+ "saml.signature.algorithm": "RSA_SHA256",
 "saml.authnstatement": "true",
 "saml.signing.certificate": "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"
 }
diff --git a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
index d0e6677c1dc..a314026cfb7 100644
--- a/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
+++ b/themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties
@@ -353,7 +353,7 @@ sign-documents-redirect-enable-key-info-ext.tooltip=When signing SAML documents
 sign-assertions=Sign Assertions
 sign-assertions.tooltip=Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.
 signature-algorithm=Signature Algorithm
-signature-algorithm.tooltip=The signature algorithm to use to sign documents.
+signature-algorithm.tooltip=The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'
 canonicalization-method=Canonicalization Method
 canonicalization-method.tooltip=Canonicalization Method for XML signatures.
 encrypt-assertions=Encrypt Assertions
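Review bot: The added `signature-algorithm.tooltip` text warns against `*_SHA1` without naming what to choose instead, says the algorithms "can be removed", and ends without a period. A more actionable wording would be `Note that SHA1-based algorithms are deprecated and may be removed in a future release. Use a SHA-256 or stronger algorithm such as RSA_SHA256 instead.` Per the diffstat this tooltip is the only place the deprecation is surfaced, so a client already configured with a SHA1 algorithm keeps signing with it unless an administrator happens to open this form. A server-side warning for such clients looks worth a follow-up, assuming none exists elsewhere.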