Details
-
Sub-task
-
Resolution: Done
-
Minor
-
None
-
None
-
None
-
2022 Sprint 5, 2022 Sprint 6, 2022 Sprint 7, 2020 Sprint 8
Description
Look to documentation, review the new encryption and confirm next steps based on need for ShibUI.
Example valid filter:
<MetadataFilter xsi:type="Algorithm"> |
<!--
|
Use AES-CBC encryption and OAEP with SHA-256 for key encryption padding. |
Normal defaults are AES-GCM and OAEP with SHA-1. |
-->
|
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" /> |
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep"> |
<xenc11:MGF Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha256" /> |
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> |
</md:EncryptionMethod>
|
|
|
<Entity>https://sp1.example.org</Entity> |
|
|
<!-- For a second SP, also switch to SHA-512 and RSA with SHA-512 for signing. --> |
<alg:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512" /> |
<alg:SigningMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> |
|
<Entity>https://sp2.example.org</Entity> |
|
|
</MetadataFilter>
|
