SAML - Configure SignatureMethod algorithm

This document describes how to change the SAML signature SignatureMethod algorithm. The default value is currently SHA256.

The reader of this document should have some basic knowledge about PhenixID Server.

We will make changes to phenix-store.json, so make sure to have a recent copy/backup of this file.

System requirements

- PhenixID Server v 3.0 or higher installed.

- At least one SAML Identity Provider or SAML Service Provider configured.

Configure SignatureMethod algorithm

- This is a global change: it sets the SAML signing SignatureMethod for all of PAS.

- Log in to Configuration Manager

- Advanced -> Modules

- Locate the phenix-saml module

- Add configuration parameter:

"defaultSignatureAlgo": "<REPLACE_WITH_ALGORITHM>"

Approved values for <REPLACE_WITH_ALGORITHM> are:

The default signature method (used when the config parameter is omitted) is http://www.w3.org/2001/04/xmldsig-more#rsa-sha256


Example conf:

{
    "name": "com.phenixidentity~phenix-saml",
    "enabled": "true",
    "id": "samlModule",
    "config": {
        "defaultSignatureAlgo": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    }
}

- Restart the PhenixID service

Test

Test by browsing to the IdP metadata. The SignatureMethod element in the metadata signature should reflect the configured value.
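The check above can be scripted so it is repeatable after every restart. The following is an added example, not part of the PhenixID documentation or product: it reads the phenix-saml module entry in the shape of the example conf, works out which SignatureMethod should be in effect (the configured value, or the rsa-sha256 default when the parameter is omitted), and compares it with the ds:SignatureMethod found in a metadata document. The metadata and module entries embedded below are constructed samples; the real metadata would be fetched from the IdP metadata URL, and the real module entry read from phenix-store.json.

```python
import json
import xml.etree.ElementTree as ET
from typing import Optional

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAML_MODULE = "com.phenixidentity~phenix-saml"
# Default SignatureMethod when defaultSignatureAlgo is omitted (from the document above)
DEFAULT_ALGO = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
# Algorithms worth flagging if they show up in published metadata
WEAK_ALGOS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}

# Constructed module entries in the shape of the example conf (not a real phenix-store.json)
SAMPLE_MODULE_SHA1 = """{
  "name": "com.phenixidentity~phenix-saml",
  "enabled": "true",
  "id": "samlModule",
  "config": {
    "defaultSignatureAlgo": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
  }
}"""

SAMPLE_MODULE_DEFAULT = """{
  "name": "com.phenixidentity~phenix-saml",
  "enabled": "true",
  "id": "samlModule",
  "config": {}
}"""

# Constructed fragment of signed IdP metadata; signature values are placeholders
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://idp.example.test/saml">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</md:EntityDescriptor>
"""


def expected_algorithm(module_json: str) -> str:
    """SignatureMethod that the phenix-saml module entry should produce."""
    module = json.loads(module_json)
    if module.get("name") != SAML_MODULE:
        raise ValueError("not the phenix-saml module entry")
    return module.get("config", {}).get("defaultSignatureAlgo", DEFAULT_ALGO)


def metadata_signature_method(metadata_xml: str) -> Optional[str]:
    """Algorithm attribute of ds:SignedInfo/ds:SignatureMethod, or None if unsigned."""
    root = ET.fromstring(metadata_xml)
    elem = root.find(f".//{{{DS_NS}}}SignedInfo/{{{DS_NS}}}SignatureMethod")
    return elem.get("Algorithm") if elem is not None else None


def check(module_json: str, metadata_xml: str) -> dict:
    """Compare configured vs. published SignatureMethod and flag weak algorithms."""
    expected = expected_algorithm(module_json)
    actual = metadata_signature_method(metadata_xml)
    return {
        "expected": expected,
        "actual": actual,
        "matches": actual == expected,
        "weak": actual in WEAK_ALGOS,
    }


if __name__ == "__main__":
    for label, module in (("sha1 conf", SAMPLE_MODULE_SHA1),
                          ("default conf", SAMPLE_MODULE_DEFAULT)):
        print(label, check(module, SAMPLE_METADATA))
```

With the sample metadata (signed with rsa-sha256), the default module entry reports a match, while the rsa-sha1 entry from the example conf reports a mismatch; that mismatch is exactly what you would see if the service had not been restarted after the change, or if metadata was served from a cache. The weak flag is a reminder that rsa-sha1 should only be configured when a specific peer cannot be moved off it.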