

Use RSA256 algorithm for SAML2 authN statement singing
Previously this defaulted to the insecure SHA1 algorithm; SHA1 support was dropped in Keycloak v22.
pvannierop committed Sep 15, 2023
1 parent a62e81e commit a5c5ee3
Showing 2 changed files with 20 additions and 1 deletion.
@@ -0,0 +1,18 @@
package org.cbioportal.security.spring.authentication.saml;

import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.security.saml.SAMLBootstrap;

public class SAMLBootstrapRSA256 extends SAMLBootstrap {
@Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
super.postProcessBeanFactory(beanFactory);
BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
}
}
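Review bot: SAMLBootstrapRSA256 carries no class or method comment explaining why it overrides SAMLBootstrap, so the reason recorded in the commit message is lost once the code is read on its own; a one-line Javadoc on the class such as `/** Replaces SAMLBootstrap's SHA1 defaults with RSA-SHA256 signatures and SHA-256 reference digests, which Keycloak 22+ requires. */` would fix that. Note that `registerSignatureAlgorithmURI("RSA", ...)` changes the algorithm only for RSA keys; if a DSA or EC signing key were ever configured it would presumably keep the library default, so the comment should make the RSA-only scope explicit. The cast `(BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration()` is unchecked and would throw ClassCastException at context startup if the global configuration were some other type, which is probably the desired fail-fast behaviour but deserves a short why-comment so nobody wraps it in a catch later.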
Expand Up @@ -349,6 +349,7 @@
<b:bean class="org.springframework.security.saml.metadata.ExtendedMetadata">
<b:property name="idpDiscoveryEnabled" value="true"/>
<b:property name="signMetadata" value="false"/>
<b:property name="signingAlgorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
</b:bean>
</b:property>
</b:bean>
Expand Down Expand Up @@ -498,7 +499,7 @@
</b:bean>

<!-- Initialization of OpenSAML library-->
<b:bean class="org.springframework.security.saml.SAMLBootstrap"/>
<b:bean class="org.cbioportal.security.spring.authentication.saml.SAMLBootstrapRSA256"/>

<!-- Initialization of the velocity engine -->
<b:bean id="velocityEngine" class="org.springframework.security.saml.util.VelocityFactory" factory-method="getEngine"/>
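Review bot: The `signingAlgorithm` property added to the ExtendedMetadata bean in the hunk at line 349 sits next to `signMetadata` set to `false`; as far as I recall ExtendedMetadata.signingAlgorithm governs only the signature on the generated SP metadata, so with metadata signing disabled that line may have no effect, and the actual change to the AuthnRequest signature algorithm comes from the SAMLBootstrapRSA256 bean registered in the hunk at line 499. Either confirm that the property is consumed for message signing in the Spring Security SAML version in use, or add an XML comment beside it, e.g. `<!-- Applies to metadata signing only; request signing algorithm is set by SAMLBootstrapRSA256 -->`, so a later reader does not assume this property alone changed the signing algorithm.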

0 comments on commit a5c5ee3
