Add support for Saml2 EncryptedAssertion #734

Closed
brentschmaltz opened this issue Sep 15, 2017 · 5 comments · May be fixed by #1025
Labels
Enhancement The issue is a new feature Internal Indicates issue was opened by the IdentityModel team P2 High, but not urgent. Needs to be addressed within the next couple of sprints
Comments

@brentschmaltz
Member

Saml2 tokens can have encrypted assertions; we didn't get them into 5.2.0.

@viktor-nikolaev

Up
PS: Saml1 tokens can also be encrypted.

@Extant-1

+1

This feature would be very much welcome to avoid having to write a custom TokenValidator

@brentschmaltz brentschmaltz modified the milestones: 5.x Release, 5.2.3 Apr 25, 2018
@brentschmaltz
Member Author

@Veikedo @Extant-1 I marked this for 5.2.3 (June 2018). It may be a stretch; I'll cost it out.

@brentschmaltz brentschmaltz self-assigned this May 31, 2018
@brentschmaltz brentschmaltz modified the milestones: 5.2.3, 5.x Release, 5.2.4 Jun 14, 2018
@brentschmaltz
Member Author

Moved to 5.2.4

@brentschmaltz brentschmaltz assigned GeoK and unassigned brentschmaltz Aug 10, 2018
@brentschmaltz brentschmaltz modified the milestones: 5.2.5, 5.2.6 Aug 15, 2018
GeoK added a commit that referenced this issue Aug 15, 2018
* If only the certificate is provided, key wrap encryption algorithm
and data encryption algorithm will be set by default to RsaOaepKeyWrap
and A128CBC-HS256, respectively.

* Add internal const strings DefaultAsymmetricKeyWrapAlgorithm and
DefaultSymmetricAlgorithm to indicate the default algorithms used for
encryption

* Add new ctor to EncryptingCredentials to allow users to pass
only a 'shared' symmetric key which will be used to encrypt data, but
it will not be serialized to a SAML token.

* Add protected ctor to EncryptingCredentials to check if a certificate
passed to X509EncryptedCredentials is null. Provides cleaner stack
trace in case of an exception caused by a null cert.

* Refactor EncryptingCredentials so null/empty checks are moved
to setters

Resolves: #995
See also: #734
GeoK added a commit that referenced this issue Aug 16, 2018
If only a certificate is provided, key wrap encryption algorithm
and data encryption algorithm will be set by default to RsaOaepKeyWrap
and A128CBC-HS256, respectively.

* Add new ctor to EncryptingCredentials to allow users to pass
only a 'shared' symmetric key which will be used to encrypt data, but
it will not be serialized to a SAML token.

* Add internal const strings DefaultAsymmetricKeyWrapAlgorithm and
DefaultSymmetricAlgorithm to indicate the default algorithms used for
key wrap and data encryption

* Add protected ctor to EncryptingCredentials to check if a certificate
passed to X509EncryptedCredentials is null. Provides cleaner stack
trace in case of an exception caused by a null cert.

* Refactor EncryptingCredentials. Move null/empty checks to setters
and provide clearer comments

* Add tests for X509EncryptingCredentials and EncryptingCredentials
classes

Resolves: #995
See also: #734
GeoK added a commit that referenced this issue Aug 18, 2018
GeoK added a commit that referenced this issue Aug 18, 2018
GeoK added a commit that referenced this issue Aug 21, 2018
If only a certificate is provided, the key wrap algorithm and data
encryption algorithm will be set by default to RsaOaepKeyWrap and
A128CBC-HS256, respectively.

* Add new ctor to EncryptingCredentials to allow users to pass
only a 'shared' symmetric key which will be used to encrypt data, but
it will not be serialized to a SAML token.

* Add internal const strings DefaultAsymmetricKeyWrapAlgorithm and
DefaultSymmetricEncryptionAlgorithm to indicate default algorithms
used for key wrap and data encryption

* Add protected ctor to EncryptingCredentials to check if a certificate
passed to X509EncryptedCredentials is null. Provides cleaner stack
trace in case of an exception caused by a null cert.

* Refactor EncryptingCredentials. Move null/empty checks to setters
and provide clearer comments

* Add tests for X509EncryptingCredentials and EncryptingCredentials
classes

Resolves: #995
See also: #734
brentschmaltz pushed a commit that referenced this issue Sep 20, 2018
@GeoK GeoK modified the milestones: 5.3.1, 5.x Release Dec 14, 2018
@GeoK GeoK modified the milestones: 5.x Release, 6.x Apr 26, 2019
@brentschmaltz brentschmaltz modified the milestones: 6.x, 5.6.1 Oct 10, 2019
@brentschmaltz brentschmaltz modified the milestones: 5.7.0, 6.6.0 May 1, 2020
@brentschmaltz brentschmaltz added the Internal Indicates issue was opened by the IdentityModel team label May 12, 2020
@brentschmaltz brentschmaltz modified the milestones: v6 Next + 1, 6.8.1 Oct 26, 2020
@brentschmaltz brentschmaltz added the P2 High, but not urgent. Needs to be addressed within the next couple of sprints label Oct 29, 2020
@mafurman mafurman modified the milestones: 6.8.1, 6.8.2 Jan 13, 2021
@brentschmaltz
Member Author

No need for this now, removing until needed.
