[keycloak-user] SAML Assertion Signature Algorithm Validation

Hynek Mlnarik hmlnarik at redhat.com
Tue Feb 14 03:15:59 EST 2017


There's no such functionality yet. Could you please file a feature
request in JIRA?

--Hynek

On Fri, Feb 10, 2017 at 5:07 PM, Gabriel Lavoie <glavoie at gmail.com> wrote:
> Hi,
>      I'm currently testing different SAML signature algorithms with our
> application and I noticed that regardless of the chosen signature algorithm
> for a SAML client, Keycloak will accept assertions signed with another
> algorithm (ex: KC signs with SHA256 but accepts SHA1 from the SP).
>
> With many other IdPs, when a signature algorithm is chosen, there's a
> validation that the same algorithm is used in both directions. I think this
> is something that Keycloak should do too as a security measure. Can this be
> done right now, or would an enhancement request be required?
>
> Thanks,
>
> --
> Gabriel Lavoie
> glavoie at gmail.com
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user



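The check Gabriel describes, as an added example (not Keycloak code and not part of this thread): before handing a signed SAML document to the cryptographic verifier, compare the algorithm URIs the document itself declares (ds:SignatureMethod and ds:DigestMethod in the XML signature, or the SigAlg query parameter on the HTTP-Redirect binding) against the algorithm configured for the client, and reject any mismatch. The point of doing this before verification is that a verifier which simply trusts the algorithm named in the document will happily validate a SHA1 signature on a client configured for SHA256. The algorithm URIs are the standard XML-DSig ones; the AuthnRequest is constructed for the example and its SignatureValue/DigestValue are placeholders, not real signatures.

```python
"""Enforce the configured SAML signature algorithm before crypto verification.

Added example, not Keycloak's code. Sample documents below are constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Standard XML-DSig algorithm URIs.
SIG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SIG_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SIG_RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
DIGEST_SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
DIGEST_SHA512 = "http://www.w3.org/2001/04/xmlenc#sha512"

# Policy choice (assumption): the digest must match the signature's hash.
REQUIRED_DIGEST = {
    SIG_RSA_SHA1: DIGEST_SHA1,
    SIG_RSA_SHA256: DIGEST_SHA256,
    SIG_RSA_SHA512: DIGEST_SHA512,
}


def signature_algorithms(xml_text):
    """Collect (SignatureMethod, [DigestMethod, ...]) for every ds:Signature.

    Missing elements or attributes come back as None so the caller rejects
    them instead of silently skipping a malformed signature.
    """
    root = ET.fromstring(xml_text)
    found = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        sig_alg = sm.get("Algorithm") if sm is not None else None
        digests = [
            dm.get("Algorithm")
            for dm in sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
        ]
        found.append((sig_alg, digests))
    return found


def algorithm_policy_violations(xml_text, configured_sig_alg):
    """Return a list of violations; an empty list means the document may
    proceed to cryptographic verification using configured_sig_alg only."""
    required_digest = REQUIRED_DIGEST[configured_sig_alg]
    sigs = signature_algorithms(xml_text)
    if not sigs:
        return ["no ds:Signature element in document"]
    problems = []
    for sig_alg, digests in sigs:
        if sig_alg != configured_sig_alg:
            problems.append(f"SignatureMethod {sig_alg!r} != configured {configured_sig_alg!r}")
        if not digests:
            problems.append("ds:Signature has no ds:Reference/ds:DigestMethod")
        for d in digests:
            if d != required_digest:
                problems.append(f"DigestMethod {d!r} != required {required_digest!r}")
    return problems


def redirect_binding_violations(query_string, configured_sig_alg):
    """HTTP-Redirect binding: the algorithm travels in the SigAlg parameter,
    which is just as attacker-controlled as the XML element above."""
    params = parse_qs(query_string, keep_blank_values=True)
    if "Signature" not in params:
        return ["no Signature parameter"]
    sig_alg = params.get("SigAlg", [None])[0]
    if sig_alg != configured_sig_alg:
        return [f"SigAlg {sig_alg!r} != configured {configured_sig_alg!r}"]
    return []


def sample_authn_request(sig_alg, digest_alg):
    """Constructed minimal signed AuthnRequest; signature values are placeholders."""
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0"
    IssueInstant="2017-02-10T16:00:00Z">
  <saml:Issuer>https://sp.example/metadata</saml:Issuer>
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_req1">
        <ds:DigestMethod Algorithm="{digest_alg}"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
</samlp:AuthnRequest>"""


if __name__ == "__main__":
    good = sample_authn_request(SIG_RSA_SHA256, DIGEST_SHA256)
    downgraded = sample_authn_request(SIG_RSA_SHA1, DIGEST_SHA1)
    print(algorithm_policy_violations(good, SIG_RSA_SHA256))        # []
    print(algorithm_policy_violations(downgraded, SIG_RSA_SHA256))  # 2 violations
```

Only when the returned list is empty should the document go to the real verifier, and that verifier should be told to use the configured algorithm rather than whatever the document names; otherwise the policy check buys nothing.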

