IdentityServer / IdentityServer2

[deprecated] Thinktecture IdentityServer is a light-weight security token service built with .NET 4.5, MVC 4, Web API and WCF.

Signing Certificate Signature Algorithm seems hard-coded to SHA256? #843

Open punkologist opened 9 years ago

punkologist commented 9 years ago

Hi,

I am working on a solution where I need to re-use a SAML2 token issued by idsrv V2.

This is for integration with Citrix's Sharefile API http://api.sharefile.com/rest/

In particular I need to get the below code sample working:

SAML Authentication: This authentication support assumes you have a mechanism for obtaining a SAML assertion, samlAssertion from the user's IdP.

```csharp
// Create a ShareFile client for the v3 API and an OAuth service with the app's client credentials.
var sfClient = new ShareFileClient("https://secure.sf-api.com/sf/v3/");
var oauthService = new OAuthService(sfClient, "[clientid]", "[clientSecret]");

// Exchange the SAML assertion obtained from the IdP for a ShareFile OAuth token.
var oauthToken = await oauthService.ExchangeSamlAssertionAsync(samlAssertion, subdomain, applicationControlPlane);

// Attach the token to the client and switch to the account-specific base URI it names.
sfClient.AddOAuthCredentials(oauthToken);
sfClient.BaseUri = oauthToken.GetUri();
```

I have been able to get access to the token. However it is being rejected. Information I have found about Sharefile suggests it is due to the Signature Algorithm being SHA256 and they only accept SHA1.

The problem I have is that the certificate I'm using is in fact SHA1, but no matter what I have tried it seems to always produce a token with SHA256.

Any ideas? Is there somewhere I can make a change in the code to set it to SHA1?

Am I better off creating my own new token in the client APP for sending to the sharefile API?

leastprivilege commented 9 years ago

Yes you need to change the source code. In IdSrv3 this is configurable. See here:

https://github.com/IdentityServer/IdentityServer3.WsFederation/blob/master/source/WsFederationPlugin/ResponseHandling/SignInResponseGenerator.cs#L171

The signature algorithm gets configured on the signing credentials - in v2 this would be somewhere in the configuration class.
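The following is an added example and not code from this issue, from IdentityServer2, from IdentityServer3 or from ShareFile. It shows, with the plain WIF / System.IdentityModel API that IdSrv2 builds on, where the signature and digest algorithm are chosen: on the `X509SigningCredentials`, via the `SecurityAlgorithms` URIs. The hash the CA used to sign the certificate itself (the "SHA1 certificate" in the question) has no influence on the hash used to sign the token, which is why swapping certificates did not change the result. The PFX path and password, the issuer URI `https://idsrv.example.com`, the subject `alice` and the class name are assumptions; the ShareFile requirement for SHA-1 is taken from the poster's description and not verified here.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;          // Lifetime
using System.IdentityModel.Tokens;                     // X509SigningCredentials, SecurityAlgorithms, SecurityTokenDescriptor, Saml2SecurityTokenHandler
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Xml;
using System.Xml.Linq;

// Added example, not IdentityServer2 code. In WIF / System.IdentityModel the hash used for the
// token signature is set on the SigningCredentials; the hash the CA used to sign the certificate
// itself plays no part in it.
static class SigningAlgorithmExample
{
    // What the issue describes as IdSrv2's fixed behaviour: RSA-SHA256 signature, SHA-256 digest.
    public static X509SigningCredentials Sha256Credentials(X509Certificate2 cert)
    {
        return new X509SigningCredentials(cert,
            SecurityAlgorithms.RsaSha256Signature,   // http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
            SecurityAlgorithms.Sha256Digest);        // http://www.w3.org/2001/04/xmlenc#sha256
    }

    // What the ShareFile endpoint is reported to require: RSA-SHA1 signature, SHA-1 digest.
    // SHA-1 is deprecated for signatures; use this only for a relying party that rejects SHA-256.
    public static X509SigningCredentials Sha1Credentials(X509Certificate2 cert)
    {
        return new X509SigningCredentials(cert,
            SecurityAlgorithms.RsaSha1Signature,     // http://www.w3.org/2000/09/xmldsig#rsa-sha1
            SecurityAlgorithms.Sha1Digest);          // http://www.w3.org/2000/09/xmldsig#sha1
    }

    // Issues a SAML 2.0 assertion with the given credentials and returns it as XML,
    // so the ds:SignatureMethod and ds:DigestMethod elements can be checked.
    public static string IssueSaml2(SigningCredentials credentials, string issuer, string audience, string subject)
    {
        var descriptor = new SecurityTokenDescriptor
        {
            TokenIssuerName = issuer,
            AppliesToAddress = audience,
            Lifetime = new Lifetime(DateTime.UtcNow, DateTime.UtcNow.AddMinutes(10)),
            SigningCredentials = credentials,
            Subject = new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, subject) })
        };

        var handler = new Saml2SecurityTokenHandler();
        var token = handler.CreateToken(descriptor);

        var sb = new StringBuilder();
        using (var writer = XmlWriter.Create(sb))
        {
            handler.WriteToken(writer, token);
        }
        return sb.ToString();
    }

    // Reads the signature algorithm URI back out of the serialized assertion, which is the
    // check to run before sending the token to a relying party that is picky about the algorithm.
    public static string SignatureAlgorithmOf(string assertionXml)
    {
        XNamespace ds = "http://www.w3.org/2000/09/xmldsig#";
        var method = XDocument.Parse(assertionXml).Descendants(ds + "SignatureMethod").FirstOrDefault();
        return method == null ? null : (string)method.Attribute("Algorithm");
    }

    static void Main()
    {
        // Assumed: a PFX holding the signing certificate and its private key; path and password are placeholders.
        var cert = new X509Certificate2("idsrv-signing.pfx", "pfx-password");
        var issuer = "https://idsrv.example.com";            // assumed issuer URI
        var audience = "https://secure.sf-api.com/sf/v3/";   // the ShareFile API base URL from the issue

        var withSha1 = IssueSaml2(Sha1Credentials(cert), issuer, audience, "alice");
        var withSha256 = IssueSaml2(Sha256Credentials(cert), issuer, audience, "alice");

        Console.WriteLine(SignatureAlgorithmOf(withSha1));
        Console.WriteLine(SignatureAlgorithmOf(withSha256));
    }
}
```

With the same certificate, the two calls produce assertions whose `ds:SignatureMethod` carries the rsa-sha1 and rsa-sha256 URIs respectively, which is the whole difference the relying party sees. In IdSrv2 the equivalent change is wherever the `SigningCredentials` for the token descriptor are built; the IdentityServer3.WsFederation line linked above does exactly this per relying party by passing the relying party's configured signature and digest algorithm into the `X509SigningCredentials` constructor.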