spring-boot-security-saml-sample: Unable to sign with SHA-256

Describe the bug

Unable to sign with SHA-256, even updating signingAlgorithm keeps it as SHA-1

To Reproduce

<samlp:Response Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
    Destination="https://contactcenter.np-mylincolnportal.com/saml/SSO"
    ID="_076f5d60-4cd4-402d-b574-c191127efbfd" InResponseTo="a15026df977c8cd4bhigg9i3h99c9g"
    IssueInstant="2019-03-18T22:37:22.543Z" Version="2.0"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://sso.lfg.com/adfs/services/trust</Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_076f5d60-4cd4-402d-b574-c191127efbfd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>la0uwregQ/KZXbnrhT2vbkZm6hc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>

Where I’m updating signingAlgorithm

    // Setup advanced info about metadata
    @Bean
    public ExtendedMetadata extendedMetadata() {
        ExtendedMetadata extendedMetadata = new ExtendedMetadata();
        extendedMetadata.setIdpDiscoveryEnabled(false);
        extendedMetadata.setSigningAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
        extendedMetadata.setSignMetadata(true);
        extendedMetadata.setEcpEnabled(true);
        return extendedMetadata;
    }

Error Response

Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}Response
2019-03-18 18:20:04.615  INFO [gateway,e3fb953e205ec452,e3fb953e205ec452,false] 1 --- [io-8443-exec-10] o.s.security.saml.log.SAMLDefaultLogger  : AuthNResponse;FAILURE;10.192.16.125;lfg-cc-gateway;http://sso.lfg.com/adfs/services/trust;;;org.opensaml.common.SAMLException: Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Responder, status message is null
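Added example, not code from the issue or from spring-boot-security-saml-sample: a small Python check, run over a constructed Response modelled on the one quoted above, that reports which signature and digest algorithms the IdP actually used and the top-level status code, so the SP's own signingAlgorithm setting is not confused with what arrives on the wire. The rsa-sha1/sha1 URIs, Issuer and Responder status are taken from the issue; the accepted-algorithm sets, the ID value and the omitted SignatureValue/KeyInfo are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Policy assumed for this example: the SHA-1 URIs seen in the issue are deliberately absent.
ACCEPTED_SIGNATURE_ALGS = {"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                           "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"}
ACCEPTED_DIGEST_ALGS = {"http://www.w3.org/2001/04/xmlenc#sha256",
                        "http://www.w3.org/2001/04/xmlenc#sha512"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample modelled on the Response quoted in the issue: rsa-sha1 signature,
# sha1 digest, Responder status. SignatureValue/KeyInfo are omitted because only
# SignedInfo and Status are inspected here (this is not signature verification).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_example" Version="2.0">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://sso.lfg.com/adfs/services/trust</Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_example">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>la0uwregQ/KZXbnrhT2vbkZm6hc=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
  </ds:Signature>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/></samlp:Status>
</samlp:Response>"""


def inspect_response(xml_text):
    """Report the algorithms and top-level status a SAML Response carries and whether each passes policy."""
    # These algorithms are chosen by the IdP when it signs; the SP's ExtendedMetadata.setSigningAlgorithm does not change them.
    root = ET.fromstring(xml_text)
    sig = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    dig = root.find("ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    report = {
        "signature_alg": None if sig is None else sig.get("Algorithm"),
        "digest_alg": None if dig is None else dig.get("Algorithm"),
        "status_code": None if status is None else status.get("Value"),
    }
    report["signature_ok"] = report["signature_alg"] in ACCEPTED_SIGNATURE_ALGS
    report["digest_ok"] = report["digest_alg"] in ACCEPTED_DIGEST_ALGS
    report["status_ok"] = report["status_code"] == SUCCESS
    return report
```

On the sample, `inspect_response(SAMPLE_RESPONSE)` reports rsa-sha1 and sha1 with the Responder status and all three policy checks false; the same check run over a real Response shows whether the IdP side, not the SP configuration, is what still produces SHA-1.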

About this issue

  • Original URL
  • State: open
  • Created 5 years ago
  • Comments: 18 (3 by maintainers)

Most upvoted comments

Sure, I am preparing my conf. Hang on