Setting the ExtendedMetadata 'signingAlgorithm' field

Question

I\'m having an issue getting the Spring SAML integration to generate the correct metadata file for my IdP. I was issued new SHA256 SSL certs. I\'ve gone through all of the

Answer 1

After making the changes in SAMLBootstrap for global security config , I ran into below exception :

org.apache.xml.security.signature.XMLSignatureException: The requested algorithm SHA256withRSA does not exist. Original Message was: SHA256withRSA MessageDigest not available at org.apache.xml.security.algorithms.MessageDigestAlgorithm.getDigestInstance(Unknown Source) at org.apache.xml.security.algorithms.MessageDigestAlgorithm.getInstance(Unknown Source) at org.apache.xml.security.signature.Reference.(Unknown Source) at org.apache.xml.security.signature.Manifest.addDocument(Unknown Source) at org.apache.xml.security.signature.XMLSignature.addDocument(Unknown Source)

After further investigation found that the Apache XML Security xmlsec-1.4.3.jar does not support the underlying SHA256withRSA algorithm.

Resolution : Use xmlsec-2.0.2.jar from https://mvnrepository.com/artifact/org.apache.santuario/xmlsec/2.0.2

This new jar resolved the issue .