Add "Encryption algorithm" option of SAML IDP (#4240)
* Add "Encryption algorithm" option of SAML IDP closes #4173 * Apply review feedback Co-authored-by: Jon Koops <jonkoops@gmail.com>
This commit is contained in:
parent
ba2fc5f4ec
commit
12ea4e16f3
3 changed files with 39 additions and 0 deletions
|
@ -53,6 +53,7 @@
|
||||||
"httpPostBindingLogout": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.",
|
"httpPostBindingLogout": "Indicates whether to respond to requests using HTTP-POST binding. If false, HTTP-REDIRECT binding will be used.",
|
||||||
"wantAuthnRequestsSigned": "Indicates whether the identity provider expects a signed AuthnRequest.",
|
"wantAuthnRequestsSigned": "Indicates whether the identity provider expects a signed AuthnRequest.",
|
||||||
"signatureAlgorithm": "The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'",
|
"signatureAlgorithm": "The signature algorithm to use to sign documents. Note that 'SHA1' based algorithms are deprecated and can be removed in the future. It is recommended to stick to some more secure algorithm instead of '*_SHA1'",
|
||||||
|
"encryptionAlgorithm": "Encryption algorithm, which is used by SAML IDP for encryption of SAML documents, assertions or IDs. The corresponding decryption key for decrypt SAML document parts will be chosen based on this configured algorithm and should be available in realm keys for the encryption (ENC) usage. If algorithm is not configured, then any supported algorithm is allowed and decryption key will be chosen based on the algorithm configured in SAML document itself.",
|
||||||
"samlSignatureKeyName": "Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counter-party, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.",
|
"samlSignatureKeyName": "Signed SAML documents contain identification of signing key in KeyName element. For Keycloak / RH-SSO counter-party, use KEY_ID, for MS AD FS use CERT_SUBJECT, for others check and use NONE if no other option works.",
|
||||||
"wantAssertionsSigned": "Indicates whether this service provider expects a signed Assertion.",
|
"wantAssertionsSigned": "Indicates whether this service provider expects a signed Assertion.",
|
||||||
"wantAssertionsEncrypted": "Indicates whether this service provider expects an encrypted Assertion.",
|
"wantAssertionsEncrypted": "Indicates whether this service provider expects an encrypted Assertion.",
|
||||||
|
|
|
@ -75,6 +75,7 @@
|
||||||
"httpPostBindingLogout": "HTTP-POST binding logout",
|
"httpPostBindingLogout": "HTTP-POST binding logout",
|
||||||
"wantAuthnRequestsSigned": "Want AuthnRequests signed",
|
"wantAuthnRequestsSigned": "Want AuthnRequests signed",
|
||||||
"signatureAlgorithm": "Signature algorithm",
|
"signatureAlgorithm": "Signature algorithm",
|
||||||
|
"encryptionAlgorithm": "Encryption Algorithm",
|
||||||
"samlSignatureKeyName": "SAML signature key name",
|
"samlSignatureKeyName": "SAML signature key name",
|
||||||
"wantAssertionsSigned": "Want Assertions signed",
|
"wantAssertionsSigned": "Want Assertions signed",
|
||||||
"wantAssertionsEncrypted": "Want Assertions encrypted",
|
"wantAssertionsEncrypted": "Want Assertions encrypted",
|
||||||
|
|
|
@ -37,6 +37,8 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
||||||
useState(false);
|
useState(false);
|
||||||
const [signatureAlgorithmDropdownOpen, setSignatureAlgorithmDropdownOpen] =
|
const [signatureAlgorithmDropdownOpen, setSignatureAlgorithmDropdownOpen] =
|
||||||
useState(false);
|
useState(false);
|
||||||
|
const [encryptionAlgorithmDropdownOpen, setEncryptionAlgorithmDropdownOpen] =
|
||||||
|
useState(false);
|
||||||
const [
|
const [
|
||||||
samlSignatureKeyNameDropdownOpen,
|
samlSignatureKeyNameDropdownOpen,
|
||||||
setSamlSignatureKeyNameDropdownOpen,
|
setSamlSignatureKeyNameDropdownOpen,
|
||||||
|
@ -374,6 +376,41 @@ const Fields = ({ readOnly }: DescriptorSettingsProps) => {
|
||||||
)}
|
)}
|
||||||
></Controller>
|
></Controller>
|
||||||
</FormGroup>
|
</FormGroup>
|
||||||
|
<FormGroup
|
||||||
|
label={t("encryptionAlgorithm")}
|
||||||
|
labelIcon={
|
||||||
|
<HelpItem
|
||||||
|
helpText={th("encryptionAlgorithm")}
|
||||||
|
fieldLabelId="identity-provider:encryptionAlgorithm"
|
||||||
|
/>
|
||||||
|
}
|
||||||
|
fieldId="kc-encryptionAlgorithm"
|
||||||
|
>
|
||||||
|
<Controller
|
||||||
|
name="config.encryptionAlgorithm"
|
||||||
|
defaultValue="RSA-OAEP"
|
||||||
|
control={control}
|
||||||
|
render={({ field }) => (
|
||||||
|
<Select
|
||||||
|
toggleId="kc-encryptionAlgorithm"
|
||||||
|
onToggle={(isExpanded) =>
|
||||||
|
setEncryptionAlgorithmDropdownOpen(isExpanded)
|
||||||
|
}
|
||||||
|
isOpen={encryptionAlgorithmDropdownOpen}
|
||||||
|
onSelect={(_, value) => {
|
||||||
|
field.onChange(value.toString());
|
||||||
|
setEncryptionAlgorithmDropdownOpen(false);
|
||||||
|
}}
|
||||||
|
selections={field.value}
|
||||||
|
variant={SelectVariant.single}
|
||||||
|
isDisabled={readOnly}
|
||||||
|
>
|
||||||
|
<SelectOption value="RSA-OAEP" />
|
||||||
|
<SelectOption value="RSA1_5" />
|
||||||
|
</Select>
|
||||||
|
)}
|
||||||
|
></Controller>
|
||||||
|
</FormGroup>
|
||||||
<FormGroup
|
<FormGroup
|
||||||
label={t("samlSignatureKeyName")}
|
label={t("samlSignatureKeyName")}
|
||||||
labelIcon={
|
labelIcon={
|
||||||
|
|
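Review bot: `<SelectOption value="RSA1_5" />` exposes RSAES-PKCS1-v1_5 with no caveat, while the neighbouring signatureAlgorithm help text in this commit warns that SHA1-based algorithms are deprecated; PKCS#1 v1.5 key transport is the padding-oracle-prone scheme that XML Encryption 1.1 deprecates in favour of RSA-OAEP, so the option deserves the same treatment. I would annotate the option, `{/* RSA1_5 (PKCS#1 v1.5) is padding-oracle prone and deprecated by XML Encryption 1.1; keep only for legacy IdPs, prefer RSA-OAEP */}`, and extend the encryptionAlgorithm help text with a matching "deprecated, prefer RSA-OAEP" sentence. Separately, `defaultValue="RSA-OAEP"` means the form always submits a value, so the "if algorithm is not configured, any supported algorithm is allowed" state described in the new help text appears unreachable from this UI once the IdP is saved — presumably intended as fail-closed, but worth confirming, or offering an explicit "any" option if that state is meant to be selectable. The enclosing Fields component starts and ends outside the hunk.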