Implement SAML v2.0 service providers by using Fedlets provides information on configuring signing in the Fedlet.
The list of supported signature algorithms is shown in the documentation: Algorithms. You must use the full URL value in the FederationConfig.properties file. For example, for rsa-sha512, you would specify the following value:http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
ForgeRock strongly recommends using *SHA-256 variants (rsa-sha256 or ecdsa-sha256).
You can change the signing algorithm in the Fedlet as follows:
- Update the FederationConfig.properties file (located in the $HOME/fedlet directory) and set the following property to the required algorithm value (per the table in the Overview section): org.forgerock.openam.saml2.query.signature.alg.rsa=For example, to use the rsa-sha256 algorithm, you would set this property as follows: org.forgerock.openam.saml2.query.signature.alg.rsa=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
- Restart the web application container in which the Fedlet runs to apply these changes.