mace-opensaml-users - RE: SHA256

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: "'Marius Scurtescu'" <>, <>
  • Subject: RE: SHA256
  • Date: Tue, 8 Mar 2005 14:11:09 -0500
  • Organization: The Ohio State University

> I say 'mostly' because there still is a digest inside the SAML which
> is done with SHA1 and I could not find a way to make this one use
> SHA256.

All I do is pass in whatever algorithm you give me. If xmlsec is internally
forcing SHA-1, it's not because I told it to, so I don't know that I can
override it, but if you say you managed it...

What happens if you pass in the ALGO_ID_SIGNATURE_RSA_SHA256 constant to
sign()?

However, this is all academic. The C++ library and openssl don't support
SHA256 yet, so it's a moot point unless your interest is solely to talk to
implementations you control.

From an interop standpoint, it turns out that RSA-SHA1 is it (excluding
DSA). This is a problem, IMHO, but it's not one we can fix in code because
the spec only required SHA-1.

-- Scott
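
An added example, not part of the thread or of OpenSAML: an XML Signature names its algorithms in two separate places, `ds:SignatureMethod` for the signature over `SignedInfo` and `ds:DigestMethod` on each `ds:Reference`, which is how a message can be signed with RSA-SHA256 and still carry a SHA-1 digest. The sketch below lists both for every signature in a document; the function name `audit_algorithms` and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# SHA-1 based algorithm URIs defined by XML-DSig itself.
SHA1_URIS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "sha1"}

# Constructed sample: RSA-SHA256 signature method, SHA-1 reference digest.
SAMPLE = """<Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" ResponseID="_constructed1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      <ds:Reference URI="#_constructed1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>
  </ds:Signature>
</Response>"""


def audit_algorithms(xml_text):
    """Return (element, reference_uri, algorithm, uses_sha1) per algorithm slot.

    ElementTree is not hardened against maliciously constructed XML, so run
    this on documents you already trust or have size-limited.
    """
    findings = []
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DS):
        info = sig.find("ds:SignedInfo", NS)
        if info is None:
            continue  # malformed signature: nothing to report on
        method = info.find("ds:SignatureMethod", NS)
        alg = method.get("Algorithm", "") if method is not None else ""
        findings.append(("SignatureMethod", None, alg, alg in SHA1_URIS))
        for ref in info.findall("ds:Reference", NS):
            digest = ref.find("ds:DigestMethod", NS)
            alg = digest.get("Algorithm", "") if digest is not None else ""
            findings.append(("DigestMethod", ref.get("URI"), alg, alg in SHA1_URIS))
    return findings


if __name__ == "__main__":
    for element, uri, alg, sha1 in audit_algorithms(SAMPLE):
        print(f"{element:16} {uri or '-':16} {alg} {'SHA-1' if sha1 else ''}")
```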



  • SHA256, Marius Scurtescu, 03/08/2005
    • RE: SHA256, Scott Cantor, 03/08/2005
