Add Elliptic Curve signature algorithms to CA SSO federation

Idea created by bonen02 Employee on May 17, 2018
    Currently Planned
    Score0

    CA SSO Federation module does not allow to use any algorithm in signatures stronger than RSA-SHA256

     

    As stated by the latest SAML standard "Any algorithm defined for use with the XML Signature specification MAY be used." Source is Oasis' specification for algorithms and latest errata available for SAML:

     

    Available algorithm should include ECDSA Signatures and digest algorithm up to SHA 512, as defined by the W3C document "XML Signature Syntax and Processing" ("http://www.w3.org/TR/xmldsig-core/")