Encrypt assertion session key and transport key algorithms were hardcoded.
closes: #821
What your changes do and why you chose this solution
Added the encrypt_assertion_session_key_algs and encrypt_assertion_cert_key_algs configuration options to specify the algorithms that can be used for encrypting assertions. Both are lists, and the index represents algorithm priority (the first one has the highest priority).
When no cert is provided in the parameters, the program will try to find one in the metadata. Keys in the metadata are prioritized in the following order:
with use=encryption and specified EncryptionMethods
with use=encryption
without use=encryption
If the key has EncryptionMethods, the program will intersect them with the configuration options and take the algorithms by their priority. If the intersection is empty or there is no EncryptionMethod, the program will use the first ones from the config options.
Added parameters and their propagation to Server.create_authn_response specifying the session key and transport key algorithms for encrypt_cert_advice and encrypt_cert_assertion. If they are not provided, the program will use the first ones from the new config options.
To support the http://www.w3.org/2009/xmlenc11#rsa-oaep transport key algorithm with MGF1, xmlsec version >= 1.3.0 is required.
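The selection order described above (key from metadata by use/EncryptionMethods, then an ordered intersection with the configured priority lists, then the first configured algorithm as fallback) is easy to get wrong, so here it is spelled out as a small worked example. This is illustrative code written for this page, not pysaml2's own implementation: KeyDescriptor is a simplified stand-in for the metadata element, the config dict only borrows the two option names from the PR, and the interpretation of "without use=encryption" as "no use attribute" (so signing-only keys are never used) is an assumption. The algorithm URIs are standard XML Encryption identifiers; which of them pysaml2 uses as defaults is not stated here.

```python
"""Priority-based selection of an encryption cert and algorithms, modelled on
the behaviour this PR describes. Example code for this page, not pysaml2's."""
from dataclasses import dataclass, field
from typing import Optional

# Standard XML Encryption algorithm identifiers (real URIs; the project's own
# default lists are not given on the page, so the CONFIG below is constructed).
AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"
AES128_GCM = "http://www.w3.org/2009/xmlenc11#aes128-gcm"
RSA_OAEP_MGF1P = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
RSA_OAEP = "http://www.w3.org/2009/xmlenc11#rsa-oaep"  # needs xmlsec >= 1.3.0 per the PR
RSA_1_5 = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"

# Shaped like the two new options: lists in priority order, index 0 highest.
CONFIG = {
    "encrypt_assertion_session_key_algs": [AES128_GCM, AES256_CBC, AES128_CBC],
    "encrypt_assertion_cert_key_algs": [RSA_OAEP_MGF1P, RSA_OAEP],
}


@dataclass
class KeyDescriptor:
    """Stand-in for md:KeyDescriptor: a cert, the optional use attribute and
    the EncryptionMethod algorithm URIs advertised with it (constructed)."""
    cert: str
    use: Optional[str] = None
    encryption_methods: list = field(default_factory=list)


def find_encryption_key(descriptors):
    """Pick the metadata key to encrypt to, in the order the PR gives:
    use=encryption with EncryptionMethods, then use=encryption, then keys
    with no use attribute. Assumption: use=signing keys are never chosen."""
    tiers = (
        lambda kd: kd.use == "encryption" and bool(kd.encryption_methods),
        lambda kd: kd.use == "encryption",
        lambda kd: kd.use is None,
    )
    for accept in tiers:
        for kd in descriptors:
            if accept(kd):
                return kd
    return None


def pick_alg(configured, offered):
    """Ordered intersection: walk the configured list in priority order and
    return the first algorithm the peer also advertises. An empty offer or an
    empty intersection falls back to the first configured algorithm."""
    for alg in configured:
        if alg in offered:
            return alg
    return configured[0]


def choose_encryption(config, descriptors, cert=None,
                      session_key_alg=None, cert_key_alg=None):
    """Resolve (cert, session_key_alg, transport_key_alg): explicit parameters
    win, then metadata EncryptionMethods intersected with the config, then
    the first configured algorithm."""
    session_cfg = config["encrypt_assertion_session_key_algs"]
    cert_cfg = config["encrypt_assertion_cert_key_algs"]
    offered = []
    if cert is None:
        kd = find_encryption_key(descriptors)
        if kd is None:
            raise ValueError("no usable encryption key in metadata")
        cert, offered = kd.cert, kd.encryption_methods
    return (
        cert,
        session_key_alg or pick_alg(session_cfg, offered),
        cert_key_alg or pick_alg(cert_cfg, offered),
    )


# Constructed metadata: a signing-only key first, an encryption key that only
# advertises CBC ciphers and xmlenc11 RSA-OAEP, and a key with no use attribute.
SAMPLE_METADATA = [
    KeyDescriptor("CERT-SIGN", use="signing"),
    KeyDescriptor("CERT-ENC", use="encryption",
                  encryption_methods=[AES256_CBC, AES128_CBC, RSA_OAEP]),
    KeyDescriptor("CERT-ANY"),
]

if __name__ == "__main__":
    print(choose_encryption(CONFIG, SAMPLE_METADATA))
```

Because the intersection is walked in the order of the configured list, the peer's metadata can only narrow the choice to something the operator already accepts: a KeyDescriptor that advertises only rsa-1_5 does not cause rsa-1_5 to be used unless it appears in encrypt_assertion_cert_key_algs, and the fallback to the first configured entry means an empty or unknown EncryptionMethod list degrades to the operator's preferred algorithm rather than to a weaker one.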
Checklist
[x] Checked that no other issues or pull requests exist for the same issue/change
[ ] Added tests covering the new functionality
[x] Updated documentation OR the change is too minor to be documented
[ ] Updated CHANGELOG.md OR changes are insignificant