Stephen,
Thanks for the reply. It did help to change the STR and STRC messages to use rsa-sha256. I had to change on both client and server sides. However, it did not affect the returned SAML token, which is still signed using rsa-sha1. Gang ________________________________ From: [email protected] [[email protected]] Sent: Tuesday, June 23, 2015 12:46 PM To: [email protected] Subject: RE: SHA256 support for signing the STS token in CXF 2.7.15? Hi – I have this configured through a property on my endpoint, like this: <jaxws:endpoint … > … <jaxws:properties> … <entry key="ws-security.asymmetric.signature.algorithm" value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; /> … </jaxws:properties> </jaxws:endpoint> Thanx, Stephen W. Chappell From: Yang, Gang CTR USARMY (US) [mailto:[email protected]] Sent: Tuesday, June 23, 2015 11:47 AM To: [email protected] Subject: SHA256 support for signing the STS token in CXF 2.7.15? Hi, I'm using CXF 2.7.15. I understand that earlier CXF does not support SHA256, but because of the https://issues.apache.org/jira/i#browse/CXF-5013, which was fixed in 2.7.6, can I assume 2.7.15 has the fix? Can someone provide a pointer on how can I configure the STS client and/or STS server to sign the SAML token with RSA-SHA256? Thanks, Gang
