SAML - Configure SignatureMethod algorithm
This document describes how to change the algorithm used for the SAML SignatureMethod. The default value is currently SHA256.
The reader of this document should have some basic knowledge of PhenixID Server.
We will make changes to phenix-store.json, so make sure to have a recent copy/backup of this file.
System requirements
- PhenixID Server v 3.0 or higher installed.
- At least one SAML Identity Provider or SAML Service Provider configured.
Configure SignatureMethod algorithm
- This change applies to the SAML signing SignatureMethod in all of PAS (it is a global change).
- Log in to Configuration Manager
- Advanced -> Modules
- Locate the phenix-saml module
- Add configuration parameter:
"defaultSignatureAlgo": "<REPLACE_WITH_ALGORITHM>"
Approved values for <REPLACE_WITH_ALGORITHM> are:
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha384
- http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
- http://www.w3.org/2000/09/xmldsig#rsa-sha1
The default signature method (used when the config parameter is omitted) is http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
Example conf:
    {
        "name": "com.phenixidentity~phenix-saml",
        "enabled": "true",
        "id": "samlModule",
        "config": {
            "defaultSignatureAlgo": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
        }
    }
- Restart the PhenixID service
Test
Test by browsing to the IDP metadata. The SignatureMethod should reflect the configured value.
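As an added example (not PhenixID's own code), the following Python script automates the test step above: it reads the configured algorithm from the phenix-saml module entry, validates it against the approved list, compares it with the ds:SignatureMethod found in the IdP metadata, and flags the deprecated rsa-sha1 value. The module entry and metadata XML are constructed samples; the entityID and the minimal metadata layout are assumptions.

```python
"""Verify the SignatureMethod change above: added example, not PhenixID code.
The module entry and metadata below are constructed samples; a real check would
read the entry from phenix-store.json and fetch the IdP metadata URL."""
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Algorithm URIs the article lists as approved for "defaultSignatureAlgo".
APPROVED_ALGOS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
}
DEFAULT_ALGO = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
WEAK_ALGOS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}  # SHA-1 is deprecated
# Constructed sample: the phenix-saml module entry as shown in the article.
SAMPLE_MODULE = {
    "name": "com.phenixidentity~phenix-saml", "enabled": "true", "id": "samlModule",
    "config": {"defaultSignatureAlgo": "http://www.w3.org/2000/09/xmldsig#rsa-sha1"},
}
# Constructed sample: the signed part of IdP metadata (signature value is fake).
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/saml">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo><ds:SignatureValue>Y29uc3RydWN0ZWQ=</ds:SignatureValue></ds:Signature>
</md:EntityDescriptor>"""

def configured_algo(module: dict) -> str:
    """Configured algorithm (the default when omitted); unknown URIs are rejected."""
    algo = module.get("config", {}).get("defaultSignatureAlgo", DEFAULT_ALGO)
    if algo not in APPROVED_ALGOS:
        raise ValueError(f"unsupported defaultSignatureAlgo: {algo}")
    return algo

def metadata_signature_algo(metadata_xml: str) -> str:
    """Extract ds:SignatureMethod/@Algorithm from signed SAML metadata."""
    node = ET.fromstring(metadata_xml).find(
        f".//{{{DS}}}SignedInfo/{{{DS}}}SignatureMethod")
    if node is None:
        raise ValueError("metadata is not signed (no ds:SignatureMethod)")
    return node.attrib["Algorithm"]

def check(module: dict, metadata_xml: str) -> dict:
    """Compare configured and observed algorithm and flag a deprecated digest."""
    expected, observed = configured_algo(module), metadata_signature_algo(metadata_xml)
    return {"expected": expected, "observed": observed,
            "matches": expected == observed, "weak": observed in WEAK_ALGOS}
```

Run check(SAMPLE_MODULE, SAMPLE_METADATA) after the service restart with the real module entry and fetched metadata; a mismatch means the restart or the parameter did not take effect, and "weak" set to True means SHA-1 is still in use.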