catalyst / moodle-auth_saml2

SAML done 100% in Moodle, fast, simple, secure
https://moodle.org/plugins/auth_saml2

Enhancement Request: Support configuration of "encryption.blacklisted-algorithms". #791

Open Logiar opened 1 year ago

Logiar commented 1 year ago

Enhancement Objective

Introduce configurable options in the plugin for managing encryption.blacklisted-algorithms in the SimpleSAMLphp library. This includes enabling the override of default denylisted algorithms for compatibility purposes.

Background

The integration of SimpleSAMLphp within the Moodle plugin includes a default denylisted encryption algorithm. While this enhances security, it can create compatibility issues with systems that still use this algorithm.

Proposed Solution

  1. Configurable Overrides: Add settings to allow administrators to unblock the default denylisted algorithm when needed for compatibility.
  2. Custom Denylisting Capability: Enable administrators to specify additional denylisted encryption algorithms.

danmarsden commented 1 year ago

Can we please change the language used in the saml2 code to 'denylist' instead of 'blacklist'? Both variable names in code and the user-facing strings. (I didn't look closely at simplesaml but you probably can't change the var names used by simplesaml, just the ones we can control in the saml2 code.)

Thanks!

Logiar commented 1 year ago

Done.