From 0c217c017ee65e0d1e195b059d8547467532b095 Mon Sep 17 00:00:00 2001
From: Douglas Palmer
Date: Tue, 17 Jan 2023 07:46:10 -0800
Subject: [PATCH] Update tooltips for 'Signature algorithm' for SAML client and SAML Identity provider (#4176)

closes #4167
---
 apps/admin-ui/public/resources/en/clients-help.json | 2 +-
 apps/admin-ui/public/resources/en/identity-providers-help.json | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/admin-ui/public/resources/en/clients-help.json b/apps/admin-ui/public/resources/en/clients-help.json
index 574e19ddf0..9ffc4e268b 100644
--- a/apps/admin-ui/public/resources/en/clients-help.json
+++ b/apps/admin-ui/public/resources/en/clients-help.json
@@ -24,7 +24,7 @@
 "optimizeLookup": "When signing SAML documents in REDIRECT binding for SP that is secured by Keycloak adapter, should the ID of the signing key be included in SAML protocol message in element? This optimizes validation of the signature as the validating party uses a single key instead of trying every known key for validation.",
 "signDocuments": "Should SAML documents be signed by the realm?",
 "signAssertions": "Should assertions inside SAML documents be signed? This setting is not needed if document is already being signed.",
- "signatureAlgorithm": "The signature algorithm to use to sign documents.",
+ "signatureAlgorithm": "The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'",
 "signatureKeyName": "Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counterparty, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.",
 "canonicalization": "Canonicalization Method for XML signatures.",
 "webOrigins": "Allowed CORS origins. To permit all origins of Valid Redirect URIs, add '+'. This does not include the '*' wildcard though. To permit all origins, explicitly add '*'.",
diff --git a/apps/admin-ui/public/resources/en/identity-providers-help.json b/apps/admin-ui/public/resources/en/identity-providers-help.json
index df9a84fe46..1386b489fc 100644
--- a/apps/admin-ui/public/resources/en/identity-providers-help.json
+++ b/apps/admin-ui/public/resources/en/identity-providers-help.json
@@ -52,7 +52,7 @@
 "httpPostBindingAuthnRequest": "Indicates whether the AuthnRequest must be sent using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.",
 "httpPostBindingLogout": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.",
 "wantAuthnRequestsSigned": "Indicates whether the identity provider expects a signed AuthnRequest.",
- "signatureAlgorithm": "The signature algorithm to use to sign documents.",
+ "signatureAlgorithm": "The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'",
 "samlSignatureKeyName": "Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counter-party, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.",
 "wantAssertionsSigned": "Indicates whether this service provider expects a signed Assertion.",
 "wantAssertionsEncrypted": "Indicates whether this service provider expects an encrypted Assertion.",
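Review bot: The new `signatureAlgorithm` tooltip warns against `'*_SHA1'` but never names what to select instead, and "can be removed in the future" reads as a possibility rather than a deprecation notice; the identical string is added in clients-help.json and in identity-providers-help.json, so the point applies to both hunks. Suggested wording for both: `"The signature algorithm to use to sign documents. SHA-1 based algorithms ('*_SHA1') are deprecated and may be removed in a future release; choose a SHA-256 or stronger algorithm such as 'RSA_SHA256'."`, which also restores the missing final full stop. A tooltip does not change clients or identity providers that are already configured with a SHA-1 algorithm, so it may be worth a follow-up that flags those existing configurations to the administrator. Both hunks show only part of the surrounding JSON object, so whether other help strings mention the algorithm list cannot be checked from here.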