Sorry about that, I missed a bit of configuration. In my global STS properties
there's a setting for that as well:
<bean id="globalSTSProperties"
      class="org.apache.cxf.sts.StaticSTSProperties">
    <property name="signatureProperties" ref="bstSignatureProperties"/>
    ...
</bean>
<bean id="bstSignatureProperties"
      class="org.apache.cxf.sts.SignatureProperties">
    <property name="signatureAlgorithm"
              value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
    <property name="digestAlgorithm"
              value="http://www.w3.org/2001/04/xmlenc#sha256" />
</bean>
Stephen W. Chappell
From: Yang, Gang CTR USARMY (US) [mailto:[email protected]]
Sent: Tuesday, June 23, 2015 2:53 PM
To: [email protected]
Subject: RE: SHA256 support for signing the STS token in CXF 2.7.15?
Stephen,
Thanks for the reply. It did help to change the STR and STRC messages to use
rsa-sha256. I had to change on both client and server sides. However, it did
not affect the returned SAML token, which is still signed using rsa-sha1.
Gang
________________________________
From: [email protected]
Sent: Tuesday, June 23, 2015 12:46 PM
To: [email protected]
Subject: RE: SHA256 support for signing the STS token in CXF 2.7.15?
Hi -
I have this configured through a property on my endpoint, like this:
<jaxws:endpoint ... >
    ...
    <jaxws:properties>
        ...
        <entry key="ws-security.asymmetric.signature.algorithm"
               value="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
        ...
    </jaxws:properties>
</jaxws:endpoint>
Thanx,
Stephen W. Chappell
From: Yang, Gang CTR USARMY (US) [mailto:[email protected]]
Sent: Tuesday, June 23, 2015 11:47 AM
To: [email protected]
Subject: SHA256 support for signing the STS token in CXF 2.7.15?
Hi,
I'm using CXF 2.7.15. I understand that earlier CXF does not support SHA256,
but because of the https://issues.apache.org/jira/i#browse/CXF-5013, which was
fixed in 2.7.6, can I assume 2.7.15 has the fix? Can someone provide a pointer
on how I can configure the STS client and/or STS server to sign the SAML token
with RSA-SHA256?
Thanks,
Gang
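
An added example, not part of the original thread and not CXF code: a Python check of which algorithms a returned token's signature actually declares, which is how the rsa-sha1 observation above can be confirmed before and after setting the SignatureProperties bean. The function names and the sample assertion are constructed for illustration; the check reads the declared algorithm URIs only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithm URIs configured in the thread's SignatureProperties bean.
WANT_SIG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
WANT_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"

def signature_algorithms(xml_text):
    """Return (SignatureMethod URI, [DigestMethod URIs]) for each ds:SignedInfo."""
    # Use on captured tokens you trust; prefer defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    result = []
    for info in root.iter(DS + "SignedInfo"):
        method = info.find(DS + "SignatureMethod")
        sig_alg = method.get("Algorithm") if method is not None else None
        digests = [d.get("Algorithm") for d in info.iter(DS + "DigestMethod")]
        result.append((sig_alg, digests))
    return result

def algorithm_mismatches(xml_text):
    """List every declared algorithm that differs from the configured SHA-256 URIs."""
    sigs = signature_algorithms(xml_text)
    if not sigs:
        return ["no ds:Signature found; token is unsigned or encrypted"]
    problems = []
    for n, (sig_alg, digests) in enumerate(sigs, 1):
        if sig_alg != WANT_SIG:
            problems.append(f"signature {n}: SignatureMethod is {sig_alg}")
        problems += [f"signature {n}: DigestMethod is {d}"
                     for d in digests if d != WANT_DIGEST]
    return problems

def sample_assertion(sig_alg, digest_alg):
    """Constructed SAML 2.0 assertion skeleton; digest and signature values are placeholders."""
    return f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_constructed">
        <ds:DigestMethod Algorithm="{digest_alg}"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</saml2:Assertion>"""

if __name__ == "__main__":
    sha1_token = sample_assertion("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                                  "http://www.w3.org/2000/09/xmldsig#sha1")
    for line in algorithm_mismatches(sha1_token):
        print(line)
```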