SAML - Configure DigestMethod algorithm

This document describes how to change the SAML signature DigestMethod algorithm. The default value is currently SHA1.

The reader of this document should have some basic knowledge about PhenixID Server.

We will make changes to phenix-store.json, so make sure to have a recent copy/backup of this file.

System requirements

- PhenixID Server v3.2 or higher installed.

- At least one SAML Identity Provider or SAML Service Provider configured.

Configure DigestMethod algorithm

- This change sets the SAML signing DigestMethod for all of PAS (a global change).

- Log in to Configuration Manager

- Advanced -> Modules

- Locate the phenix-saml module

- Add configuration parameter:

"defaultdigestMethod": "<REPLACE_WITH_ALGORITHM>"

Approved values for <REPLACE_WITH_ALGORITHM> are:

The default digest method (when config param is omitted) is http://www.w3.org/2000/09/xmldsig#sha1


Example conf:

{
    "name": "com.phenixidentity~phenix-saml",
    "enabled": "true",
    "id": "samlModule",
    "config": {
        "defaultdigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256"
    }
}

- Restart the PhenixID service

Test

Test by browsing to the IdP metadata. The Algorithm attribute of ds:DigestMethod in the metadata signature should reflect the configured value.
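As an added example, not taken from the PhenixID documentation: a small Python check that reads the effective digest method from a phenix-saml module entry (the example conf above, with SHA-1 assumed when the parameter is omitted) and inspects an IdP metadata document for its ds:DigestMethod URIs, so you can confirm the change after the restart. The metadata document, its entityID and its digest/signature values are constructed placeholders.

```python
import json
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
SHA1_URI = "http://www.w3.org/2000/09/xmldsig#sha1"  # PhenixID default when the parameter is omitted

# The phenix-saml module entry from the example conf above, as it appears in phenix-store.json.
EXAMPLE_CONF = json.loads("""{
    "name": "com.phenixidentity~phenix-saml", "enabled": "true", "id": "samlModule",
    "config": {"defaultdigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256"}
}""")

# Constructed sample: a signed IdP metadata document whose signature Reference
# still uses the SHA-1 digest. entityID and digest/signature values are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>
"""

def effective_digest_method(module: dict) -> str:
    """Digest method a phenix-saml module entry will use: the configured
    defaultdigestMethod, or SHA-1 when the parameter is omitted."""
    return module.get("config", {}).get("defaultdigestMethod", SHA1_URI)

def digest_methods(metadata_xml: str) -> list:
    """Algorithm URI of every ds:DigestMethod in the metadata's enveloped signature."""
    root = ET.fromstring(metadata_xml)
    return [el.get("Algorithm", "") for el in root.iter(f"{{{DSIG_NS}}}DigestMethod")]

def uses_sha1_digest(metadata_xml: str) -> bool:
    """True if any signature Reference in the metadata still uses the SHA-1 digest."""
    return SHA1_URI in digest_methods(metadata_xml)

if __name__ == "__main__":
    print("configured:", effective_digest_method(EXAMPLE_CONF))  # ...xmlenc#sha256
    print("metadata:  ", digest_methods(SAMPLE_METADATA))         # [...xmldsig#sha1], so not yet applied
```

Feed the script the metadata fetched from your own IdP metadata URL in place of SAMPLE_METADATA; a SHA-1 URI after the restart means the module parameter did not take effect.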