Details
- Improvement
- Status: Closed
- Major
- Resolution: Fixed
- 1.6.2
- None
Description
The AssertionWrapper class is used in WSS4J to create a SAML Assertion
via a CallbackHandler. It has a method that can be used to sign the SAML
Assertion:
    public void signAssertion(
        String issuerKeyName,
        String issuerKeyPassword,
        Crypto issuerCrypto,
        boolean sendKeyValue
    )
The signature and canonicalization algorithms currently used are hard-coded, as shown by the following code snippet:
    signature.setCanonicalizationAlgorithm(
        SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
    );
    String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
    String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
    if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
        sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
    }
There should be a way for the user to be able to configure these algorithms
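
One way the requested configurability could look, as an added example that is not WSS4J code: a caller-supplied signature algorithm URI is checked against the issuer key type, and the hard-coded behaviour above remains the default when nothing is configured. The class `SigAlgoResolver` and its `resolve` method are hypothetical names; the URIs are the standard W3C XML Signature identifiers.

```java
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Map;

// Added illustration; SigAlgoResolver and resolve() are hypothetical, not WSS4J API.
public class SigAlgoResolver {
    // Standard W3C XML Signature algorithm URIs.
    static final String RSA_SHA1   = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    static final String DSA_SHA1   = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    // Key type that each supported signature URI requires.
    static final Map<String, String> KEY_TYPE =
        Map.of(RSA_SHA1, "RSA", DSA_SHA1, "DSA", RSA_SHA256, "RSA");

    // Returns the configured URI when it is known and matches the key type;
    // with no configuration, falls back to the defaults of the snippet above.
    static String resolve(String configured, PublicKey issuerKey) {
        String keyAlgo = issuerKey.getAlgorithm();
        if (configured == null) {
            return keyAlgo.equalsIgnoreCase("DSA") ? DSA_SHA1 : RSA_SHA1;
        }
        String required = KEY_TYPE.get(configured);
        if (required == null) {
            throw new IllegalArgumentException("Unsupported signature algorithm: " + configured);
        }
        if (!required.equalsIgnoreCase(keyAlgo)) {
            throw new IllegalArgumentException(
                configured + " needs a " + required + " key, issuer key is " + keyAlgo);
        }
        return configured;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; a real caller would pass issuerCerts[0].getPublicKey().
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey rsa = gen.generateKeyPair().getPublic();

        System.out.println(resolve(null, rsa));        // unconfigured: legacy default
        System.out.println(resolve(RSA_SHA256, rsa));  // configured override
        try {
            resolve(DSA_SHA1, rsa);                    // key/algorithm mismatch
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```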