SAML2 Signing algorithm

JC

Mar 17, 2022, 9:25:07 AM
to CAS Community
Hello everyone,
I am hoping that someone can answer my question regarding CAS' signing algorithms. We are running CAS 6.1.x, and one of our SPs (Barnes and Noble's AIP) has informed us that they now support SHA256 as a signing algorithm, and want us to switch their service over to it. 

I have looked at the following documentation here and here, which I believe are relevant. However, I still have questions that I hope someone can answer or at least point me in the right direction.

Does CAS have a default SAML2 signing algorithm or does it automatically adapt based on the service provider?
If it has a default, what is it and is there a setting to change it?
Do I just use the 'cas.authn.saml-idp.algs.override-signature-algorithms' key (which begs the question of what is it overriding)?

I hope this makes sense and I appreciate any help. 

Thanks,
James

Ray Bon

Mar 17, 2022, 11:41:15 AM
to cas-...@apereo.org
James,

From your first link, it looks like you set it in the service definition.
The signing algorithm is in the SAML payload. To see it, install a tool like samltracer in your browser. 

Ray

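The check suggested in the reply above (reading the signing algorithm out of the SAML payload) can also be scripted once the base64 `SAMLResponse` form value has been copied from a SAML tracer. This is an added example, not part of the original thread and not CAS code; the function names and the sample responses are constructed for illustration, and it assumes the HTTP-POST binding.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# XML-DSig algorithm URIs that rely on SHA-1.
SHA1_URIS = {RSA_SHA1, SHA1,
             "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
             "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"}

def signature_algorithms(saml_response_b64):
    """Report the algorithms declared by each ds:Signature in a base64
    SAMLResponse value. Reads declarations only; it verifies no signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    found = []
    for parent in root.iter():          # Response and Assertion can both be signed
        for sig in parent.findall(DS + "Signature"):
            info = sig.find(DS + "SignedInfo")
            if info is None:
                continue
            method = info.find(DS + "SignatureMethod")
            sig_alg = method.get("Algorithm") if method is not None else None
            digests = [d.get("Algorithm") for d in info.iter(DS + "DigestMethod")]
            found.append({
                "signed_element": parent.tag.rsplit("}", 1)[-1],
                "signature": sig_alg,
                "digests": digests,
                "uses_sha1": sig_alg in SHA1_URIS
                             or any(d in SHA1_URIS for d in digests),
            })
    return found

def make_sample(sig_uri, digest_uri):
    # Constructed sample: structure only, no signature value or certificate.
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><saml:Assertion>
 <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_uri}"/>
 <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>
 </ds:SignedInfo></ds:Signature></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    for sig, dig in [(RSA_SHA1, SHA1), (RSA_SHA256, SHA256)]:
        for row in signature_algorithms(make_sample(sig, dig)):
            print(row["signed_element"], row["signature"], row["digests"],
                  "SHA-1 in use" if row["uses_sha1"] else "ok")
```

The digest algorithm is reported separately because a response can declare an RSA-SHA256 signature while still using a SHA-1 digest on the reference.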