Hello,
Please check the README of java-saml on GitHub.
It says the SP can change some configuration, such as encryption, signatures and others.
If we cannot change the IdP settings, we may need to change the SP settings.
I am asking about this 'Settings' section.
Settings
First of all we need to configure the toolkit. The SP's info, the IdP's info, and in some cases, configuration for advanced security issues, such as signatures and encryption.
Properties File
All the settings are defined in one unique file; by default, the Auth class loads a onelogin.saml.properties file with the Auth() method, but if we named it in a different way, we can use Auth(filename);
Here are the list of properties to be defined on the settings file:
For instance, our IdP uses sha256 instead of sha1.
According to the README, java-saml (com.onelogin.saml2) can change the algorithm by setting it in this settings file.
# Algorithm that the toolkit will use on signing process. Options:
# 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'
# 'http://www.w3.org/2000/09/xmldsig#dsa-sha1'
# 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
# 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha384'
# 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha512'
onelogin.saml2.security.signature_algorithm = http://www.w3.org/2000/09/xmldsig#rsa-sha1
So here is my question.
Where should I put the 'onelogin.saml.properties' file to apply it?