Flag to disable disallowAlg http://www.w3.org/2000/09/xmldsig#rsa-sha1 #92
Comments
|
I thought that as of version 1.42.0 we used an image that enables that rsa-sha1 algorithm. That is what FusionAuth/fusionauth-issues#1814 was about, and that landed in 1.37. Just so I'm clear, @nodesocket , you are trying to use the standard FusionAuth docker image, verison 1.42.0, which you are finding doesn't allow your users to use the rsa-sha1 algorithm? |
|
@mooreds thanks for the reply. I did not realize that the image should already manually enable |
|
Great, let us know. |
|
We are facing this issue with the hosted version, is there a way to enable it for legacy SAML providers on the fusionauth hosted service? |
|
@mysterio21 are you saying you are using FusionAuth cloud and need this behavior? If so, please file a support ticket: https://account.fusionauth.io/account/support/ asking for this. Please include the version of FusionAuth you are running, and feel free to reference this issue. If you are saying something else and I am misunderstanding, please explain further. |
|
@mooreds - That is correct. We have just created a ticket in the support. FusionAuth™ version 1.43.0 |
|
Related I believe the Java XML sig library is enabling secure validation by default which disables this alg. Java is really trying to keep us from using this algorithm. Why this is still in use.. I have no idea. 🤷 Needs some investigation, will likely work it via the above linked GH issue. |
|
Closing. This is a FusionAuth configuration issue, that will be addressed via FusionAuth/fusionauth-issues#2160. |
Due to upgrading to the latest version of FusionAuth
1.42.0, this following issue affects us and our end users. FusionAuth/fusionauth-site#1202Is there a Helm flag to disable
disallowAlg http://www.w3.org/2000/09/xmldsig#rsa-sha1? We need a automated way of making this change to support our legacy SAML customers.The text was updated successfully, but these errors were encountered: