PAC4J - SAML Message - problem defining digest and signature methods

[Filipe Matos]

Hi,

I'm using pac4j to communicate with a SAML IDP. In the idp metadata file I've defined the digest and signing method to SHA1:

<EntityDescriptor entityID="https://preprod.auth.ev.pt/Default.aspx">

        

        <Extensions>

        <mdalg:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />

          <mdalg:SigningMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> 

        </Extensions>

         ...

But the SAML request message is created with different digest and signing methods..

<?xml version="1.0" encoding="UTF-8"?>

<saml2p:AuthnRequest

AssertionConsumerServiceURL="http://local.dev.test:8090/cas/login?client_name=Saml2Client"

Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" Destination="https://preprod.auth.ev.pt/Default.aspx"

ForceAuthn="false" 

        ID="_1ofkkjdbxppvvhnpcjusxx7oizjjhxxypozmkpe"

IsPassive="false" IssueInstant="2015-08-28T09:25:53.320Z"

ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

ProviderName="Generic Portal - Tests" Version="2.0"

xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">

      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">http://tests.lan</saml:Issuer>

<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"

xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />

<ds:SignatureMethod

Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />

<ds:Reference URI="#_1ofkkjdbxppvvhnpcjusxx7oizjjhwpypozmkpe"

xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

<ds:Transform

Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"

xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />

<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"

xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />

</ds:Transforms>

<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"

xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />

<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> .......

</ds:DigestValue>

</ds:Reference>

</ds:SignedInfo>

<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

......

</ds:SignatureValue>

Could u guys tell me what I'm doing wrong?

Best regards,

Filipe Matos