SAML-Toolkits / python3-saml

MIT License

List of supported Encryption/Signing algorithms #255

Closed doticatto closed 3 years ago

doticatto commented 3 years ago

Recently, InCommon federation updated our metadata to include AES-128-GCM as a supported algorithm, but it does not seem that it is actually supported. Is there a listing of the encryption and signing algorithms that are explicitly supported for inbound assertions by the library?

I cannot find this information anywhere. If it is system-dependent based on installed libxml/xmlsec libraries, can that information be made public as well?

doticatto commented 3 years ago

I have since done some research and I believe I have answered my own question:

By running the following commands on the host running your python3-saml code you should be able to determine this:

 $ xmlsec1 --list-transforms
 Registered transform klasses:
 "base64","enveloped-signature","c14n","c14n-with-comments","c14n11","c14n11-with-comments","exc-c14n","exc-c14n-with-comments","xpath","xpath2","xpointer","xslt","aes128-cbc","aes192-cbc","aes256-cbc","kw-aes128","kw-aes192","kw-aes256","tripledes-cbc","kw-tripledes","dsa-sha1","dsa-sha256","ecdsa-sha1","ecdsa-sha224","ecdsa-sha256","ecdsa-sha384","ecdsa-sha512","hmac-md5","hmac-ripemd160","hmac-sha1","hmac-sha224","hmac-sha256","hmac-sha384","hmac-sha512","md5","ripemd160","rsa-md5","rsa-ripemd160","rsa-sha1","rsa-sha224","rsa-sha256","rsa-sha384","rsa-sha512","rsa-1_5","rsa-oaep-mgf1p","sha1","sha224","sha256","sha384","sha512"
 $ xmlsec1 --list-key-data
 Registered key data klasses:
 "key-name","key-value","retrieval-method","enc-key","aes","des","dsa","ecdsa","hmac","rsa","x509","raw-x509-cert"
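The comparison described in the comment above can be automated. The following is an added example, not part of the original thread or of python3-saml: it parses a transform listing in the format printed by `xmlsec1 --list-transforms` and reports which `md:EncryptionMethod` algorithms advertised in SAML metadata have no matching local transform. It assumes the transform name equals the fragment of the algorithm URI and that the `xmlsec1` binary reflects the same library build the Python code uses; the sample listing, metadata and function names are constructed for illustration.

```python
import re
import subprocess
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
# Constructed sample in the listing format shown above (shortened).
SAMPLE_LISTING = '''Registered transform klasses:
"base64","exc-c14n","aes128-cbc","aes256-cbc","rsa-1_5","rsa-oaep-mgf1p","rsa-sha256","sha256"
'''
# Constructed metadata for a hypothetical SP (not real federation data).
SAMPLE_METADATA = '''<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.org">
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="encryption">
   <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
   <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
  </md:KeyDescriptor>
 </md:SPSSODescriptor>
</md:EntityDescriptor>'''


def local_listing():
    """Return what `xmlsec1 --list-transforms` prints on this host."""
    proc = subprocess.run(["xmlsec1", "--list-transforms"], text=True, check=True,
                          stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    return proc.stdout


def parse_transforms(listing):
    """Extract the double-quoted transform names from the listing text."""
    return set(re.findall(r'"([^"]+)"', listing))


def advertised_algorithms(metadata_xml):
    """Algorithm URIs from every md:EncryptionMethod element, in document order."""
    # For metadata from an untrusted source, use a hardened parser (e.g. defusedxml).
    root = ET.fromstring(metadata_xml)
    found = root.iter("{%s}EncryptionMethod" % MD_NS)
    return [e.get("Algorithm") for e in found if e.get("Algorithm")]


def unsupported(metadata_xml, listing):
    """Advertised URIs whose transform is missing from the local listing."""
    # Assumption: the xmlsec transform name is the URI fragment after '#'.
    have = parse_transforms(listing)
    uris = advertised_algorithms(metadata_xml)
    return [u for u in uris if u.rsplit("#", 1)[-1] not in have]


if __name__ == "__main__":
    print(unsupported(SAMPLE_METADATA, SAMPLE_LISTING))
```

On a real host, pass `local_listing()` as the second argument in place of `SAMPLE_LISTING`.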