You can simply provide an Override for the Bootstrap bean:
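```java
import org.opensaml.Configuration;
import org.opensaml.xml.security.BasicSecurityConfiguration;
import org.opensaml.xml.signature.SignatureConstants;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.security.saml.SAMLBootstrap;

public final class CustomSAMLBootstrap extends SAMLBootstrap {
    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
        super.postProcessBeanFactory(beanFactory);
        BasicSecurityConfiguration config = (BasicSecurityConfiguration) Configuration.getGlobalSecurityConfiguration();
        // Sign with RSA-SHA256 rather than RSA-SHA1.
        config.registerSignatureAlgorithmURI("RSA", SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        // Use SHA-256 for the reference digest as well.
        config.setSignatureReferenceDigestMethod(SignatureConstants.ALGO_ID_DIGEST_SHA256);
    }
}

// In a @Configuration class:
@Bean
public static SAMLBootstrap SAMLBootstrap() {
    return new CustomSAMLBootstrap();
}
```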
And the plugin will pick it up automatically.
I need to change SHA in order to connect to an ADFS IdP server. What is the way to do it? Maybe you can add a configuration option?
This is an article explaining a solution: https://myshittycode.com/2016/02/23/spring-security-saml-replacing-sha-1-with-sha-256-on-signature-and-digest-algorithms/
Thanks
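Added example (not part of the thread or the plugin's code): a Python check that a signed SAML message, for instance a base64-decoded AuthnRequest from the POST binding, no longer carries SHA-1 URIs in either the signature method or the reference digest, which are the two settings the override above changes. The sample XML, `constructed_request` and `sha1_findings` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# SHA-1 based algorithm URIs defined by XML-DSig.
WEAK = {RSA_SHA1, SHA1, "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
        "http://www.w3.org/2000/09/xmldsig#hmac-sha1"}


def constructed_request(sig_uri, digest_uri):
    """Constructed, trimmed AuthnRequest (placeholder signature values)."""
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{NS['ds']}" ID="_constructed1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{sig_uri}"/>
    <ds:Reference URI="#_constructed1">
      <ds:DigestMethod Algorithm="{digest_uri}"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
</samlp:AuthnRequest>"""


def sha1_findings(xml_text):
    """Return (signature index, role, URI) for each SHA-1 algorithm found."""
    findings = []
    root = ET.fromstring(xml_text)  # prefer defusedxml for untrusted input
    for i, sig in enumerate(root.iter("{%s}Signature" % NS["ds"])):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        uris = [("signature", method.get("Algorithm"))] if method is not None else []
        uris += [("digest", d.get("Algorithm"))
                 for d in sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)]
        findings += [(i, role, uri) for role, uri in uris if uri in WEAK]
    return findings


if __name__ == "__main__":
    # Models a setup where only registerSignatureAlgorithmURI was applied.
    half_migrated = constructed_request(RSA_SHA256, SHA1)
    for idx, role, uri in sha1_findings(half_migrated):
        print(f"Signature #{idx}: {role} still uses {uri}")
```
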