From 8511513705b08b8d3957e0fa99feff52641f00f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thorbj=C3=B8rn=20Beblein?= Date: Thu, 29 Sep 2022 10:11:50 +0200 Subject: [PATCH] 66: Unable to sign with SHA-256 (Fix for https://github.com/vdenotaris/spring-boot-security-saml-sample/issues/66) --- .../saml/web/config/WebSecurityConfig.java | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java b/src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java index 876bfe2..e8719ec 100755 --- a/src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java +++ b/src/main/java/com/vdenotaris/spring/boot/security/saml/web/config/WebSecurityConfig.java @@ -31,10 +31,14 @@ import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.parse.ParserPool; import org.opensaml.xml.parse.StaticBasicParserPool; +import org.opensaml.xml.security.BasicSecurityConfiguration; +import org.opensaml.xml.signature.SignatureConstants; +import org.springframework.beans.BeansException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.DisposableBean; import org.springframework.beans.factory.InitializingBean; +import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.core.io.DefaultResourceLoader; @@ -162,7 +166,16 @@ public SAMLContextProviderImpl contextProvider() { // Initialization of OpenSAML library @Bean public static SAMLBootstrap sAMLBootstrap() { - return new SAMLBootstrap(); + return new SAMLBootstrap() { + @Override + public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException { + super.postProcessBeanFactory(beanFactory); + BasicSecurityConfiguration config = (BasicSecurityConfiguration) org.opensaml.Configuration.getGlobalSecurityConfiguration(); + config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256); + config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256); + } + + }; } // Logger for SAML messages and events