Support RSA-OAEP for SAML Assertion Encryption #60

Closed
tsujiguchitky opened this issue Apr 18, 2019 · 0 comments

@tsujiguchitky
Contributor

Description

OpenAM uses RSA-v1.5 as the key transfer algorithm for SAML assertions.

However, according to the XML encryption specification, RSA-v1.5 is NOT RECOMMENDED.

5.1.1 Table of Algorithms

5.5.1 RSA Version 1.5

Note: Implementation of RSA v1.5 is NOT RECOMMENDED due to security risks associated with the algorithm.

For example, Shibboleth SP seems to cause an error in federation because this algorithm is disabled.

Solution

Add an option to use RSA-OAEP in Assertion Encryption.

@tsujiguchitky tsujiguchitky added this to the OpenAM 14.0.0 milestone May 31, 2019
@tsujiguchitky tsujiguchitky self-assigned this Aug 2, 2019
OGIS-RyoKobayashi pushed a commit that referenced this issue Oct 25, 2019
* Add an option to use RSA-OAEP in Assertion Encryption

* Adjust indent in FMEncProvider

* Keep RSA-v1.5 if upgrading from older versions
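
An added example, not part of the original issue or of OpenAM's code: a Python check that reads the key transport algorithm from an encrypted SAML assertion and flags RSA-v1.5. The function names and the sample assertion are constructed for illustration; the algorithm URIs are the ones defined by the XML Encryption specification.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Key transport URIs from the XML Encryption specification.
STATUS = {
    XENC + "rsa-1_5": "NOT RECOMMENDED (RSA-v1.5)",
    XENC + "rsa-oaep-mgf1p": "ok (RSA-OAEP)",
    "http://www.w3.org/2009/xmlenc11#rsa-oaep": "ok (RSA-OAEP, XML Encryption 1.1)",
}

def audit_key_transport(xml_text):
    """Return [(algorithm_uri, status)] for each EncryptedKey in the message."""
    if "<!DOCTYPE" in xml_text:  # a SAML message has no need for a DTD; refuse it
        raise ValueError("DTD not allowed")
    findings = []
    # iter() finds EncryptedKey both inside EncryptedData/KeyInfo and as a
    # sibling of EncryptedData; find() looks at direct children only, so the
    # data cipher's EncryptionMethod under EncryptedData is never mistaken
    # for the key transport algorithm.
    for key in ET.fromstring(xml_text).iter("{%s}EncryptedKey" % XENC):
        method = key.find("{%s}EncryptionMethod" % XENC)
        uri = method.get("Algorithm") if method is not None else None
        findings.append((uri, STATUS.get(uri, "unknown")))
    return findings

def constructed_assertion(key_alg, nested):
    """Constructed sample; cipher values are placeholders, not real ciphertext."""
    key = ('<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="%s"/>'
           '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue>'
           '</xenc:CipherData></xenc:EncryptedKey>') % key_alg
    key_info = '<ds:KeyInfo>%s</ds:KeyInfo>' % key if nested else ''
    return ('<saml:EncryptedAssertion'
            ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
            ' xmlns:xenc="%s" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<xenc:EncryptedData>'
            '<xenc:EncryptionMethod Algorithm="%saes128-cbc"/>%s'
            '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue>'
            '</xenc:CipherData></xenc:EncryptedData>%s'
            '</saml:EncryptedAssertion>') % (XENC, XENC, key_info,
                                             '' if nested else key)

if __name__ == "__main__":
    for alg, nested in ((XENC + "rsa-1_5", True), (XENC + "rsa-oaep-mgf1p", False)):
        for uri, status in audit_key_transport(constructed_assertion(alg, nested)):
            print(uri, "->", status)
```

Run against an assertion captured from the IdP before and after switching the option to confirm which algorithm is actually emitted.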