diff --git a/config-templates/authsources.php b/config-templates/authsources.php
index 2588ed784f5d20c9ea3d8d500a6ca31ef465b37b..4b0dbc5964af883499648b374c01049c73d4cd93 100644
--- a/config-templates/authsources.php
+++ b/config-templates/authsources.php
@@ -28,26 +28,6 @@ $config = array(
         // Can be NULL/unset, in which case a builtin discovery service will be used.
         'discoURL' => null,
 
-        /*
-         * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
-         *
-         * Uncomment the following option to start using SHA-256 for your signatures.
-         * Currently, SimpleSAMLphp defaults to SHA-1, which has been deprecated since
-         * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
-         * document for more information:
-         *
-         * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
-         *
-         * If you are uncertain about identity providers supporting SHA-256 or other
-         * algorithms of the SHA-2 family, you can configure it individually in the
-         * IdP-remote metadata set for those that support it. Once you are certain that
-         * all your configured IdPs support SHA-2, you can safely remove the configuration
-         * options in the IdP-remote metadata set and uncomment the following option.
-         *
-         * Please refer to the hosted SP configuration reference for more information.
-          */
-        //'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-
         /*
          * The attributes parameter must contain an array of desired attributes by the SP.
          * The attributes can be expressed as an array of names or as an associative array
diff --git a/docs/simplesamlphp-advancedfeatures.md b/docs/simplesamlphp-advancedfeatures.md
index 71abf8f56072b624191d758697b6f1bbe314f520..5bf8d163ab3c017cc4db54d6ccb11f4f05463975 100644
--- a/docs/simplesamlphp-advancedfeatures.md
+++ b/docs/simplesamlphp-advancedfeatures.md
@@ -93,11 +93,12 @@ SimpleSAMLphp supports signing of the metadata it generates. Metadata signing is
 - `metadata.sign.privatekey`: Name of the file with the private key which should be used to sign the metadata. This file must exist in in the `cert` directory.
 - `metadata.sign.privatekey_pass`: Passphrase which should be used to open the private key. This parameter is optional, and should be left out if the private key is unencrypted.
 - `metadata.sign.certificate`: Name of the file with the certificate which matches the private key. This file must exist in in the `cert` directory.
-- `metadata.sign.algorithm`: The algorithm to use when signing metadata for this entity. Defaults to RSA-SHA1. Possible values:
+- `metadata.sign.algorithm`: The algorithm to use when signing metadata for this entity. Defaults to RSA-SHA256. Possible values:
 
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+      The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/docs/simplesamlphp-changelog.md b/docs/simplesamlphp-changelog.md
index dd140bec23a5a961a16f799d9965d5e2151d7188..fe1d276109dd09281d880b35be7f5fc80872b62b 100644
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -11,6 +11,7 @@ See the upgrade notes for specific information about upgrading.
 Released TBD
 
 ### Changes
+  * Default signature algorithm is now SHA-256.
   * Renamed class `SimpleSAML_Error_BadUserInnput` to `SimpleSAML_Error_BadUserInput`
   * PHP 7.2 compatibility, including removing deprecated use of assert with string.
   * Avoid logging database credentials in backtraces.
diff --git a/docs/simplesamlphp-reference-idp-hosted.md b/docs/simplesamlphp-reference-idp-hosted.md
index 712e2b45c4195569992cd5a240e51de5c876e05b..ba558066e3e5ca226eed9ae9d80e1c1d75cbd406 100644
--- a/docs/simplesamlphp-reference-idp-hosted.md
+++ b/docs/simplesamlphp-reference-idp-hosted.md
@@ -329,12 +329,13 @@ The following SAML 2.0 options are available:
 	the default one.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message generated by this identity provider. Defaults to RSA-SHA256.
 :   Possible values:
 
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+       The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/docs/simplesamlphp-reference-idp-remote.md b/docs/simplesamlphp-reference-idp-remote.md
index cfa993104526ef1865ab9297b6fed033965a9182..7908ebc3966748e4cce3b5bb1fe91ab56b610391 100644
--- a/docs/simplesamlphp-reference-idp-remote.md
+++ b/docs/simplesamlphp-reference-idp-remote.md
@@ -152,7 +152,7 @@ The following SAML 2.0 options are available:
 :   Endpoint URL for logout responses. Overrides the `SingleLogoutService`-option for responses.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message sent to this specific identity provider. Defaults to RSA-SHA256.
 :   Note that this option also exists in the SP configuration.
     This value in the IdP remote metadata overrides the value in the SP configuration.
 :   Possible values:
@@ -160,6 +160,7 @@ The following SAML 2.0 options are available:
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+      The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/docs/simplesamlphp-reference-sp-remote.md b/docs/simplesamlphp-reference-sp-remote.md
index 943c862626dd4cce16b6c3d31449c399569c610d..2eb7efd320ad19b3eff355fe6e75b078ccee9882 100644
--- a/docs/simplesamlphp-reference-sp-remote.md
+++ b/docs/simplesamlphp-reference-sp-remote.md
@@ -238,7 +238,7 @@ The following SAML 2.0 options are available:
     The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message sent to this specific service provider. Defaults to RSA-SHA256.
 :   Note that this option also exists in the IdP-hosted metadata.
     The value in the SP-remote metadata overrides the value in the IdP-hosted metadata.
 :   Possible values:
@@ -246,6 +246,7 @@ The following SAML 2.0 options are available:
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+      The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/docs/simplesamlphp-upgrade-notes-1.16.md b/docs/simplesamlphp-upgrade-notes-1.16.md
index 883f0a91c8e1977e9f668343a842e4d4837b4ce7..a9550537978e9549916d3b1300537ed1d203d768 100644
--- a/docs/simplesamlphp-upgrade-notes-1.16.md
+++ b/docs/simplesamlphp-upgrade-notes-1.16.md
@@ -1,6 +1,13 @@
 Upgrade notes for SimpleSAMLphp 1.16
 ====================================
 
-The class `SimpleSAML_Error_BadUserInnput` has been renamed to `SimpleSAML_Error_BadUserInput`.
+The default signature algoritm is now SHA-256 (SHA-1 has been considered
+obsolete since 2014). For entities that need it, you can switch back to
+SHA-1 by setting the `signature.algorithm` option in the remote entity
+metadata.
 
-The `authmyspace` module has been removed since the service is no longer available. 
+The class `SimpleSAML_Error_BadUserInnput` has been renamed to
+`SimpleSAML_Error_BadUserInput`.
+
+The `authmyspace` module has been removed since the service is no longer
+available. 
diff --git a/lib/SimpleSAML/Metadata/SAMLParser.php b/lib/SimpleSAML/Metadata/SAMLParser.php
index bbcb86144a5cd614568c47091ed4a8f7807857d5..28c7f7806a67754d88e1326d0f5685056acb4ec9 100644
--- a/lib/SimpleSAML/Metadata/SAMLParser.php
+++ b/lib/SimpleSAML/Metadata/SAMLParser.php
@@ -1431,7 +1431,7 @@ class SimpleSAML_Metadata_SAMLParser
             $certData = file_get_contents($certFile);
 
             foreach ($this->validators as $validator) {
-                $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
+                $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
                 $key->loadKey($certData);
                 try {
                     if ($validator->validate($key)) {
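Review bot: Retyping the verification key as RSA_SHA256 does not harden signature checking and may break it for peers that still sign with SHA-1: the algorithm actually used is the one declared in the document's ds:SignatureMethod, and the saml2 Utils::validateSignature I am familiar with only re-casts the key to that algorithm when the key's type is RSA_SHA1, so a SHA-1-signed metadata document would now be verified with the wrong digest and rejected — please confirm against the validator actually in use. The upgrade note in this commit promises that SHA-1 can still be enabled per remote entity, but that covers signing only; this verification path has no such knob. If the intent is to refuse SHA-1 signatures on inbound metadata, do it explicitly by checking the SignatureMethod against an allow-list and logging the rejection, rather than implicitly through the key type; otherwise keep the key typed so the re-cast still happens. The same change is made in the `$pemKeys` verification loop in modules/saml/lib/Message.php. The enclosing method continues outside this hunk.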
diff --git a/lib/SimpleSAML/Metadata/Signer.php b/lib/SimpleSAML/Metadata/Signer.php
index 6397a75da7511da53f18966bc234ebbf7026ed29..98bfbbe8f16aa17fbf70f28ca84277fcab5ed102 100644
--- a/lib/SimpleSAML/Metadata/Signer.php
+++ b/lib/SimpleSAML/Metadata/Signer.php
@@ -153,8 +153,6 @@ class SimpleSAML_Metadata_Signer
      * algorithms to use, respectively.
      *
      * @throws \SimpleSAML\Error\CriticalConfigurationError
-     *
-     * @todo change to SHA256 by default.
      */
     private static function getMetadataSigningAlgorithm($config, $entityMetadata, $type)
     {
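Review bot: With the @todo removed, the docblock above getMetadataSigningAlgorithm no longer says what the fallback is, and since this commit changes it the docblock should state it explicitly, e.g. `* Defaults to XMLSecurityKey::RSA_SHA256 when neither the entity metadata nor the global config sets 'metadata.sign.algorithm'.` The docblock starts before this hunk and the method body continues after it.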
@@ -168,7 +166,7 @@ class SimpleSAML_Metadata_Signer
             }
             $alg = $entityMetadata['metadata.sign.algorithm'];
         } else {
-            $alg = $config->getString('metadata.sign.algorithm', XMLSecurityKey::RSA_SHA1);
+            $alg = $config->getString('metadata.sign.algorithm', XMLSecurityKey::RSA_SHA256);
         }
 
         $supported_algs = array(
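Review bot: The new default must also be present in the `$supported_algs` list that begins on the last line of this hunk, otherwise the method would reject its own fallback; the list's contents are outside the hunk, so please confirm RSA_SHA256 is in it. A test through the public signing entry point, with neither `metadata.sign.algorithm` override set, would pin that the fallback is accepted. The method continues outside this hunk.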
diff --git a/lib/SimpleSAML/XML/Signer.php b/lib/SimpleSAML/XML/Signer.php
index 2c69e6b3f2da76a007c4474f8e1a11052ddf667e..0aeb8bae921edf3f388d21130a4797581f230985 100644
--- a/lib/SimpleSAML/XML/Signer.php
+++ b/lib/SimpleSAML/XML/Signer.php
@@ -102,7 +102,7 @@ class Signer
         assert(is_array($privatekey));
         assert(array_key_exists('PEM', $privatekey));
 
-        $this->privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'private'));
+        $this->privateKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'private'));
         if (array_key_exists('password', $privatekey)) {
             $this->privateKey->passphrase = $privatekey['password'];
         }
@@ -291,7 +291,7 @@ class Signer
 
         $objXMLSecDSig->addReferenceList(
             array($node),
-            XMLSecurityDSig::SHA1,
+            XMLSecurityDSig::SHA256,
             array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
             $options
         );
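Review bot: The reference digest is now fixed to `XMLSecurityDSig::SHA256` independently of the signature algorithm, which comes from the key type set in the constructor (first hunk of this file). If a caller switches the key to RSA_SHA1 for a legacy peer, the digest stays SHA-256, and a peer that cannot handle SHA-256 signatures may well reject SHA-256 digests too; consider deriving the digest from the signature algorithm or exposing it via `$options`, unless that already happens outside the hunk (I cannot see whether this class exposes either). The same fixed SHA256 digest is hard-coded in the addReferenceList call in modules/adfs/lib/IdP/ADFS.php. The enclosing method starts before this hunk.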
diff --git a/metadata-templates/saml20-idp-hosted.php b/metadata-templates/saml20-idp-hosted.php
index 81a2007267ccc0e46573b2a8ba7cb025a626e1df..7acd4037369f3084a6a632139a92396f8350a9b7 100644
--- a/metadata-templates/saml20-idp-hosted.php
+++ b/metadata-templates/saml20-idp-hosted.php
@@ -23,26 +23,6 @@ $metadata['__DYNAMIC:1__'] = array(
 	 */
 	'auth' => 'example-userpass',
 
-	/*
-	 * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
-	 *
-	 * Uncomment the following option to start using SHA-256 for your signatures.
-	 * Currently, SimpleSAMLphp defaults to SHA-1, which has been deprecated since
-	 * 2011, and will be disallowed by NIST as of 2014. Please refer to the following
-	 * document for more information:
-	 * 
-	 * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
-	 *
-	 * If you are uncertain about service providers supporting SHA-256 or other
-	 * algorithms of the SHA-2 family, you can configure it individually in the
-	 * SP-remote metadata set for those that support it. Once you are certain that
-	 * all your configured SPs support SHA-2, you can safely remove the configuration
-	 * options in the SP-remote metadata set and uncomment the following option.
-	 *
-	 * Please refer to the IdP hosted reference for more information.
-	 */
-	//'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',
-
 	/* Uncomment the following to use the uri NameFormat on attributes. */
 	/*
 	'attributes.NameFormat' => 'urn:oasis:names:tc:SAML:2.0:attrname-format:uri',
diff --git a/metadata-templates/saml20-sp-remote.php b/metadata-templates/saml20-sp-remote.php
index 46262cee186653c68fffc1414e2f11fea2369371..b74e90492073f3d1c33d76025ded319134ef1ebe 100644
--- a/metadata-templates/saml20-sp-remote.php
+++ b/metadata-templates/saml20-sp-remote.php
@@ -25,3 +25,17 @@ $metadata['google.com'] = array(
 	'simplesaml.nameidattribute' => 'uid',
 	'simplesaml.attributes' => FALSE,
 );
+
+$metadata['https://legacy.example.edu'] = array(
+	'AssertionConsumerService' => 'https://legacy.example.edu/saml/acs',
+        /*
+         * Currently, SimpleSAMLphp defaults to the SHA-256 hashing algorithm.
+	 * Uncomment the following option to use SHA-1 for signatures directed
+	 * at this specific service provider if it does not support SHA-256 yet.
+         *
+         * WARNING: SHA-1 is disallowed starting January the 1st, 2014.
+         * Please refer to the following document for more information:
+         * http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf
+         */
+        //'signature.algorithm' => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha1',
+);
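Review bot: The commented-out fallback on the last line uses `http://www.w3.org/2001/04/xmldsig-more#rsa-sha1`, which is not the RSA-SHA1 identifier; the docs updated in this same commit list it as `http://www.w3.org/2000/09/xmldsig#rsa-sha1`, so an admin who uncomments the template as written would get an unrecognised algorithm rather than SHA-1. Change the line to `//'signature.algorithm' => 'http://www.w3.org/2000/09/xmldsig#rsa-sha1',`. The comment wording also reads oddly now that 2014 is past, e.g. `* NIST SP 800-131A disallowed SHA-1 for new signatures from 2014; enable this only for an SP that cannot verify SHA-256, and remove it once it can.` Finally, the new entry mixes tab and space indentation (`'AssertionConsumerService'` uses a tab, the comment block uses spaces), unlike the existing entries in this file.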
diff --git a/modules/adfs/lib/IdP/ADFS.php b/modules/adfs/lib/IdP/ADFS.php
index f609c7fc18be23a8c0eeb9d331d1e8ec1f33c4fa..c17b4d8a78129d121cf980d66fcc58af408539f5 100644
--- a/modules/adfs/lib/IdP/ADFS.php
+++ b/modules/adfs/lib/IdP/ADFS.php
@@ -110,7 +110,7 @@ MSG;
         $responsedom = \SAML2\DOMDocumentFactory::fromString(str_replace("\r", "", $response));
         $firstassertionroot = $responsedom->getElementsByTagName('Assertion')->item(0);
         $objXMLSecDSig->addReferenceList(
-            array($firstassertionroot), XMLSecurityDSig::SHA1,
+            array($firstassertionroot), XMLSecurityDSig::SHA256,
             array('http://www.w3.org/2000/09/xmldsig#enveloped-signature', XMLSecurityDSig::EXC_C14N),
             array('id_name' => 'AssertionID')
         );
@@ -189,17 +189,7 @@ MSG;
 
         $algo = $spMetadata->getString('signature.algorithm', null);
         if ($algo === null) {
-            /*
-             * In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
-             * new digital signatures in 2011, and will be explicitly disallowed starting the 1st
-             * of January, 2014. We'll keep this as a default for the next release and mark it
-             * as deprecated, as part of the transition to SHA-256.
-             *
-             * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
-             *
-             * TODO: change default to XMLSecurityKey::RSA_SHA256.
-             */
-            $algo = $idpMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
+            $algo = $idpMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA256);
         }
         $wresult = sspmod_adfs_IdP_ADFS::signResponse($response, $privateKeyFile, $certificateFile, $algo);
 
diff --git a/modules/saml/docs/sp.md b/modules/saml/docs/sp.md
index 4e143045594b3c5454cfa07c3c3c757c1065b975..9ee03c584d827514ec4b4c0014a8ba8c0b9bf5f9 100644
--- a/modules/saml/docs/sp.md
+++ b/modules/saml/docs/sp.md
@@ -369,12 +369,13 @@ Options
 :   *Note*: SAML 2 specific.
 
 `signature.algorithm`
-:   The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA1.
+:   The algorithm to use when signing any message generated by this service provider. Defaults to RSA-SHA256.
 :   Possible values:
 
     * `http://www.w3.org/2000/09/xmldsig#rsa-sha1`
        *Note*: the use of SHA1 is **deprecated** and will be disallowed in the future.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha256`
+      The default.
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha384`
     * `http://www.w3.org/2001/04/xmldsig-more#rsa-sha512`
 
diff --git a/modules/saml/lib/Message.php b/modules/saml/lib/Message.php
index c8fed116d9fb9b807fbed3ce24308e87fe892c9a..b93255517d9a24f1e94a43960f67f31e049afea4 100644
--- a/modules/saml/lib/Message.php
+++ b/modules/saml/lib/Message.php
@@ -34,17 +34,7 @@ class sspmod_saml_Message
 
         $algo = $dstMetadata->getString('signature.algorithm', null);
         if ($algo === null) {
-            /*
-             * In the NIST Special Publication 800-131A, SHA-1 became deprecated for generating
-             * new digital signatures in 2011, and will be explicitly disallowed starting the 1st
-             * of January, 2014. We'll keep this as a default for the next release and mark it
-             * as deprecated, as part of the transition to SHA-256.
-             *
-             * See http://csrc.nist.gov/publications/nistpubs/800-131A/sp800-131A.pdf for more info.
-             *
-             * TODO: change default to XMLSecurityKey::RSA_SHA256.
-             */
-            $algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA1);
+            $algo = $srcMetadata->getString('signature.algorithm', XMLSecurityKey::RSA_SHA256);
         }
 
         $privateKey = new XMLSecurityKey($algo, array('type' => 'private'));
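Review bot: The `signature.algorithm` value read from either metadata set goes straight into `new XMLSecurityKey($algo, ...)` on the last line with no check that it is one of the supported identifiers, whereas lib/SimpleSAML/Metadata/Signer.php validates its choice against a `$supported_algs` allow-list. A misspelled or unsupported URI (the sp-remote template in this commit contains one) would surface, as far as I can tell, as a generic exception from the key constructor at sign time rather than as a configuration error naming the offending entity; validating against the same list here, and in the equivalent fallback in modules/adfs/lib/IdP/ADFS.php, would make the two paths consistent and easier to diagnose. The enclosing method starts before this hunk.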
@@ -208,7 +198,7 @@ class sspmod_saml_Message
 
         $lastException = null;
         foreach ($pemKeys as $i => $pem) {
-            $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA1, array('type' => 'public'));
+            $key = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type' => 'public'));
             $key->loadKey($pem);
 
             try {