From 18912fee7f15de0262f11a55b487b0bd059a47e1 Mon Sep 17 00:00:00 2001 From: Ioannis Kakavas Date: Wed, 13 Nov 2019 09:18:56 +0200 Subject: [PATCH] Remove limitation for SAML encryption in FIPS mode (#48948) Our documentation regarding FIPS 140 claimed that when using SAML in a JVM that is configured in FIPS approved only mode, one could not use encrypted assertions. This stemmed from a wrong understanding regarding the compliance of RSA-OAEP which is used as the key wrapping algorithm for encrypting the key with which the SAML Assertion is encrypted. However, as stated for instance in https://downloads.bouncycastle.org/fips-java/BC-FJA-SecurityPolicy-1.0.0.pdf RSA-OAEP is approved for key transport, so this limitation is not effective. This change removes the limitation from our FIPS 140 related documentation. --- x-pack/docs/en/security/fips-140-compliance.asciidoc | 2 -- 1 file changed, 2 deletions(-) diff --git a/x-pack/docs/en/security/fips-140-compliance.asciidoc b/x-pack/docs/en/security/fips-140-compliance.asciidoc index 0e46fd8c6f45a..2e0329327941c 100644 --- a/x-pack/docs/en/security/fips-140-compliance.asciidoc +++ b/x-pack/docs/en/security/fips-140-compliance.asciidoc @@ -124,5 +124,3 @@ features are not available while running in fips mode. The list is as follows: available. * The SQL CLI client cannot run in a FIPS 140-2 enabled JVM while using TLS for transport security or PKI for client authentication. -* The SAML Realm cannot decrypt and consume encrypted Assertions or encrypted - attributes in Attribute Statements from the SAML IdP.
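Review bot: the two removed lines at the end of the hunk (the "SAML Realm cannot decrypt and consume encrypted Assertions" bullet) are dropped with no replacement text, so the condition the commit message relies on disappears from the docs. The message justifies the removal by RSA-OAEP being the key wrapping algorithm and being approved for key transport. Consider adding a short sentence to fips-140-compliance.asciidoc, outside the list of unavailable features, saying that encrypted Assertions and encrypted attributes are supported in FIPS mode and that this rests on RSA-OAEP key wrapping. Without it, an operator whose IdP is configured differently has nothing to check against. It is also worth confirming in the PR whether any test runs SAML decryption in a FIPS approved only JVM, since the change is documentation only and the diff shows nothing that exercises the claim.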