SAML - Configure DigestMethod algorithm
This document describes how to change the SAML Signature DigestMethod algorithm. The default value is currently SHA1.
The reader of this document should have some basic knowledge about PhenixID Server.
We will make changes to phenix-store.json, so make sure to have a recent copy/backup of this file.
System requirements
- PhenixID Server v 3.2 or higher installed.
- At least one SAML Identity Provider or SAML Service Provider configured.
Configure DigestMethod algorithm
- This change alters the SAML signing DigestMethod in PAS globally.
- Log in to Configuration Manager
- Advanced -> Modules
- Locate the phenix-saml module
- Add configuration parameter:
"defaultdigestMethod": "<REPLACE_WITH_ALGORITHM>"
Approved values for <REPLACE_WITH_ALGORITHM> are:
- http://www.w3.org/2000/09/xmldsig#sha1
- http://www.w3.org/2001/04/xmldsig-more#sha384
- http://www.w3.org/2001/04/xmlenc#sha256
- http://www.w3.org/2001/04/xmlenc#sha512
The default digest method (used when the config parameter is omitted) is http://www.w3.org/2000/09/xmldsig#sha1
Example conf:
{
  "name": "com.phenixidentity~phenix-saml",
  "enabled": "true",
  "id": "samlModule",
  "config": {
    "defaultdigestMethod": "http://www.w3.org/2001/04/xmlenc#sha256"
  }
}
- Restart the PhenixID service
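The steps above amount to: back up phenix-store.json, set "defaultdigestMethod" on the phenix-saml module to one of the four approved URIs, restart, and then confirm that issued SAML messages actually carry the new digest algorithm. The script below is an added example, not PhenixID's own code: it validates the requested value against the approved list, writes it into a store document, and inspects a signed SAML message for the ds:DigestMethod it uses. The store layout (a top-level "modules" list holding entries shaped like the example conf) and the sample signed XML are constructed assumptions for the example.

```python
"""Added example (not PhenixID's code): set the phenix-saml module's
defaultdigestMethod in a phenix-store.json-style document, with backup and
validation, and check which DigestMethod a signed SAML message uses.
Assumption: the store keeps module entries under a top-level "modules" list."""
import json
import shutil
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input in production
from datetime import datetime
from pathlib import Path

# The four DigestMethod URIs approved on the page, keyed by a short name.
APPROVED_DIGEST_METHODS = {
    "sha1": "http://www.w3.org/2000/09/xmldsig#sha1",
    "sha256": "http://www.w3.org/2001/04/xmlenc#sha256",
    "sha384": "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "sha512": "http://www.w3.org/2001/04/xmlenc#sha512",
}
# Value PAS uses when the parameter is omitted (per the page).
DEFAULT_DIGEST_METHOD = APPROVED_DIGEST_METHODS["sha1"]
SAML_MODULE_NAME = "com.phenixidentity~phenix-saml"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample store; the "modules" list is an assumed layout.
SAMPLE_STORE = {
    "modules": [
        {"name": "com.phenixidentity~phenix-other", "enabled": "true",
         "id": "otherModule", "config": {}},
        {"name": SAML_MODULE_NAME, "enabled": "true",
         "id": "samlModule", "config": {}},
    ]
}

# Constructed, minimal signed-response skeleton (not a real signature).
SAMPLE_SIGNED_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed">
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_constructed">
    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    <ds:DigestValue>Y29uc3RydWN0ZWQ=</ds:DigestValue>
  </ds:Reference></ds:SignedInfo></ds:Signature>
</samlp:Response>"""


def sample_store():
    """Fresh deep copy of the constructed store so callers can mutate it."""
    return json.loads(json.dumps(SAMPLE_STORE))


def find_saml_module(store):
    for module in store.get("modules", []):
        if module.get("name") == SAML_MODULE_NAME:
            return module
    raise LookupError(f"module {SAML_MODULE_NAME} not found in store")


def current_digest_method(store):
    """Effective DigestMethod URI: the configured one, or the page default."""
    module = find_saml_module(store)
    return module.get("config", {}).get("defaultdigestMethod", DEFAULT_DIGEST_METHOD)


def set_digest_method(store, algorithm):
    """Accept a short name ("sha256") or a full URI; reject anything not approved."""
    uri = APPROVED_DIGEST_METHODS.get(algorithm.lower(), algorithm)
    if uri not in APPROVED_DIGEST_METHODS.values():
        raise ValueError(f"{algorithm!r} is not an approved DigestMethod value")
    module = find_saml_module(store)
    module.setdefault("config", {})["defaultdigestMethod"] = uri
    return uri


def update_store_file(path, algorithm):
    """Back up phenix-store.json next to itself, then write the new digest method."""
    path = Path(path)
    stamp = datetime.now().strftime("%Y%m%d%H%M%S")
    shutil.copy2(path, path.with_name(f"{path.name}.{stamp}.bak"))
    store = json.loads(path.read_text(encoding="utf-8"))
    uri = set_digest_method(store, algorithm)
    path.write_text(json.dumps(store, indent=2) + "\n", encoding="utf-8")
    return uri


def digest_methods_in_xml(xml_text):
    """Sorted list of distinct ds:DigestMethod Algorithm URIs in a signed message."""
    root = ET.fromstring(xml_text)
    return sorted({el.get("Algorithm") for el in root.iter(f"{{{DS_NS}}}DigestMethod")})


def uses_sha1_digest(xml_text):
    """True if any reference in the message still digests with SHA-1."""
    return APPROVED_DIGEST_METHODS["sha1"] in digest_methods_in_xml(xml_text)


if __name__ == "__main__":
    store = sample_store()
    print("before:", current_digest_method(store))
    set_digest_method(store, "sha256")
    print("after: ", current_digest_method(store))
    print("message digests:", digest_methods_in_xml(SAMPLE_SIGNED_XML),
          "sha1 present:", uses_sha1_digest(SAMPLE_SIGNED_XML))
```

After the restart, run digest_methods_in_xml over a captured SAML response or assertion from the server to confirm the change took effect; uses_sha1_digest returning True after the change points at a module entry that was not updated or a service that has not been restarted.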