4 Replies Latest reply on Feb 21, 2015 9:45 AM by Pedro Igor

    How to change signature method from rsa-sha1 to rsa-sha256 ?

    wester anock Newbie

      Hi all,

      In our picketlink IDP instance , the SAML authentication request or response xml is configured to use sha1 algorithm for signature.

      The signature info in SAML xml content looks like below :

      <dsig:SignedInfo>

        <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />

        <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />

        <dsig:Reference URI="#ID_dd83fe41-adb6-46c8-84b4-ddd1f6d41087">

        <dsig:Transforms>

        <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />

        <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />

        </dsig:Transforms>

        <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

        <dsig:DigestValue>DSqFGv0LDt27bCrPiwEBICJkDK0=</dsig:DigestValue>

        </dsig:Reference>

        </dsig:SignedInfo>

      For some security reason, I would like to change this algorithm to adopt sha256 or other more secured algorithms.

      How can I change this signature method from rsa-sha1 to rsa-sha256 ??