Your browser was unable to load all of the resources. They may have been blocked by your firewall, proxy or browser configuration.
Press Ctrl+F5 or Ctrl+Shift+R to have your browser try again.

How do I set properties for java-saml(sso) in QB10? #4221

JerryLee ·

Hello,
According to java-saml github, the property setting could be done by properties config file.


Could you let me know how do set it QB10?

  • replies 3
  • views 1537
  • stars 0
robinshen ADMIN ·
JerryLee ·

Hello,
Please check that README of java-saml github.
It tells SP could change some configuration such as encryption and signatures and others.
If we cannot change IdP setting, we may need to change SP setting.

I am asking about this 'Settings' section.

Settings

First of all we need to configure the toolkit. The SP's info, the IdP's info, and in some cases, configuration for advanced security issues, such as signatures and encryption.
Properties File

All the settings are defined in one unique file; by default, the Auth class loads a onelogin.saml.properties file with the Auth() method, but if we named it in a different way, we can use Auth(filename);

Here are the list of properties to be defined on the settings file:

For instance, our IdP uses sha256 instead of sha1.
According to README, java-saml(com.onelogin.saml2) could change algorithm to set this defined setting file.

# Algorithm that the toolkit will use on signing process. Options:
#  'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
#  'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
#  'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
onelogin.saml2.security.signature_algorithm = http://www.w3.org/2000/09/xmldsig#rsa-sha1

So here is my question.
Where should I put 'onelogin.saml.properties' file to apply it?

robinshen ADMIN ·

For now, there is no place to configure signature/encryption algorithms. The default one is used (and tested with Okta and samltest). Please list settings you want to customize and we will provide UI to configure it.