Parameters for signing certificate algorithm

[Giacomo Sommavilla]

Hi everybody,

I hope this is the right place to ask my question.

I built an Apereo CAS demo server with a WAR overlay (with which

different services should be authenticated).  I have set up delegated

authentication with SAML2 (for integrating with italian SPID system).

I need to sign the certificate with an algorithm different than the

default SHA-1.

The Apereo CAS documentation

https://apereo.github.io/cas/development/integration/Delegate-Authentication-SAML.html

has the following parameter,

cas.authn.pac4j.saml[].signature-algorithms, which is a "Collection

of signing signature algorithms, if any, to override the global

defaults."  Its type is java.util.List<String>.

I think this should be the right parameter for choosing the algorithm,

but I don't understand what values I can set up there.  I tried

something like "sha256", "sha256WithRSAEncryption", or "SHA256withRSA"

but with no luck.

I always get the error 

org.pac4j.saml.exceptions.SAMLException: org.pac4j.saml.exceptions.SAMLException: Could not determine the signature parameters

at org.pac4j.saml.crypto.DefaultSignatureSigningParametersProvider.build(DefaultSignatureSigningParametersProvider.java:60)

    ...

Can anyone tell me what values are allowed for that parameter?

Thanks and regards,

Giacomo

[Misagh]

Please try again with https://apereo.github.io/cas/Support.html

> --
> You received this message because you are subscribed to the Google Groups "Pac4j users mailing list" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to pac4j-users...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/pac4j-users/5a63d7f3-a901-4047-b994-845d50232330n%40googlegroups.com.

[Misagh]

And more specifically: https://apereo.github.io/cas/Mailing-Lists.html