How to probably configure Splunk to set authnrequests to be signed by SHA-256 signature algorithm?

slee75 — Tue, 07 Feb 2017 18:54:46 GMT

Hello, I'm trying to set the authnrequests to be signed by a sha256 cert, as that's a requirement of my ldp for SAML. However, when I look at the SAML trace, it looks like it's still getting sent as a SHA1:

   <SignedInfo>
        <CanonicalizationMethod 
            Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <SignatureMethod 
            Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>

My authentication.conf file shows it as rsa-sha256 though:

signAuthnRequest = true
signatureAlgorithm = RSA-SHA256
signedAssertion = true
sloBinding = HTTPPost

Anybody know what I'm missing?

Re: How to probably configure Splunk to set authnrequests to be signed by SHA-256 signature algorithm?

suarezry — Thu, 09 Feb 2017 15:04:43 GMT

signatureAlgorithm = RSA-SHA256

Check out the authentication.conf spec:

signatureAlgorithm = RSA-SHA1 | RSA-SHA256
* This setting is applicable only for redirect binding.

I think the binding is HTTP Post by default. Check your SAML config:

Try changing it to HTTP Redirect (if your IdP supports it).

topic Re: How to probably configure Splunk to set authnrequests to be signed by SHA-256 signature algorithm? in Security

How to probably configure Splunk to set authnrequests to be signed by SHA-256 signature algorithm?

Re: How to probably configure Splunk to set authnrequests to be signed by SHA-256 signature algorithm?