How To
ForgeRock Identity Platform
Does not apply to Identity Cloud

How do I change the algorithm used to sign SAML requests in the Fedlet in AM (All versions)?

Last updated Jan 16, 2023

The purpose of this article is to provide information on changing the signature algorithm used to sign SAML requests in the Java® Fedlet in AM.



Overview

Implement SAML v2.0 service providers by using Fedlets provides information on configuring signing in the Fedlet.

The list of supported signature algorithms is shown in the documentation: Algorithms. You must use the full URL value in the FederationConfig.properties file. For example, for rsa-sha512, you would specify the following value:

http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
Note

ForgeRock strongly recommends using *SHA-256 variants (rsa-sha256 or ecdsa-sha256).

Changing the signing algorithm

You can change the signing algorithm in the Fedlet as follows:

  1. Update the FederationConfig.properties file (located in the $HOME/fedlet directory) and set the following property to the required algorithm value (the full URL, as described in the Overview section):

     org.forgerock.openam.saml2.query.signature.alg.rsa=

     For example, to use the rsa-sha256 algorithm, you would set this property as follows:

     org.forgerock.openam.saml2.query.signature.alg.rsa=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
  2. Restart the web application container in which the Fedlet runs to apply these changes.
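As an added configuration check (not code from the article or from the Fedlet), the following Python script reads a FederationConfig.properties body and verifies that the signing-algorithm property holds a full W3C algorithm URL of a SHA-256 or stronger variant, catching the short-name mistake the Overview warns about. The sample property fragments are constructed, and the algorithm URI list is the common XML Signature set, assumed rather than taken from AM's documented table.

```python
import re

# Property the article identifies as controlling the Fedlet's SAML signing algorithm.
SIGNING_ALG_KEY = "org.forgerock.openam.saml2.query.signature.alg.rsa"
# Common XML Signature algorithm URIs (W3C xmldsig / xmldsig-more); an assumed set, not AM's table.
KNOWN_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384": "sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512": "sha512",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256": "sha256",
}
STRONG_DIGESTS = {"sha256", "sha384", "sha512"}

def parse_properties(text):
    """Minimal Java .properties reader: key=value or key:value pairs, '#'/'!'
    comment lines and backslash continuations; later keys override earlier ones."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#!":
            continue
        if line.endswith("\\"):
            pending = line[:-1]  # value continues on the next line
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_signing_alg(text):
    """Return (ok, reason) for the signing-algorithm property in a properties body."""
    value = parse_properties(text).get(SIGNING_ALG_KEY, "")
    if not value:
        return False, "property not set"
    if not value.startswith("http://www.w3.org/"):
        return False, f"'{value}' is a short name; the full URL value is required"
    digest = KNOWN_ALGS.get(value)
    if digest is None:
        return False, f"unrecognised algorithm URI '{value}'"
    if digest not in STRONG_DIGESTS:
        return False, f"{value} uses {digest}; use a SHA-256 or stronger variant"
    return True, f"{value} ({digest})"

# Constructed sample fragments (not real Fedlet configuration files).
SHORT_NAME_CONFIG = SIGNING_ALG_KEY + "=rsa-sha256\n"
SHA1_CONFIG = SIGNING_ALG_KEY + "=http://www.w3.org/2000/09/xmldsig#rsa-sha1\n"
GOOD_CONFIG = ("# value split with a properties continuation line\n"
               + SIGNING_ALG_KEY + "=\\\n    http://www.w3.org/2001/04/xmldsig-more#rsa-sha256\n")
```

Run `check_signing_alg` over the contents of your own FederationConfig.properties before restarting the container, so a short name or a SHA-1 URI is caught before the Fedlet starts signing with it.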

See Also

FAQ: SAML2 federation in AM

SAML 2.0 federation in AM

Implement SAML v2.0 service providers by using Fedlets

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.