
SAML2 - Key Transport Algorithm - RSA OAEP must be supported

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 13.5.1, 14.0.0, 5.5.1, 6.0.0, 6.5.0
    • Fix Version/s: 6.5.2, 7.0.0
    • Component/s: SAML

      Description

      Bug description

      As per https://www.w3.org/TR/xmlenc-core1/#sec-Alg-KeyTransport:

      • Implementation of RSA v1.5 is not recommended due to security risks associated with the algorithm.
      • Implementations must implement RSA-OAEP for the transport of all key types and sizes that are mandatory to implement for symmetric encryption.

      AM must support RSA-OAEP as well.

      The SAML core spec points to the out-of-date https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/, which also lists RSA-OAEP as REQUIRED:

      Key Transport
      • REQUIRED RSA-v1.5: http://www.w3.org/2001/04/xmlenc#rsa-1_5
      • REQUIRED RSA-OAEP: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p

      Expected behaviour
      AM must support RSA-OAEP as a key transport algorithm.
      
      Current behaviour
      AM only supports rsa-v1.5, which is not recommended due to security risks associated with the algorithm.
      

      This also links to OPENAM-13973
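      The check a deployer would want while this is open is to confirm which key transport algorithm the peer (or AM itself) actually emits in an EncryptedAssertion, since the algorithm is carried in the clear in xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm. The script below is an added example and not OpenAM code: it walks a SAML response with the standard library, reports every EncryptedKey's key transport algorithm, and flags rsa-1_5 as weak while accepting the xmlenc 1.0 rsa-oaep-mgf1p URI and the xmlenc 1.1 rsa-oaep URI. The EncryptedAssertion fragments it parses are constructed sample input; the CipherValue contents are placeholders, not real ciphertext.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 encrypted assertions.
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Key transport algorithm identifiers from XML Encryption 1.0 and 1.1.
RSA_V15 = XENC + "rsa-1_5"
RSA_OAEP_MGF1P = XENC + "rsa-oaep-mgf1p"
RSA_OAEP_11 = "http://www.w3.org/2009/xmlenc11#rsa-oaep"

# Policy table: rsa-1_5 is discouraged by xmlenc-core1, both OAEP forms are acceptable.
KEY_TRANSPORT_POLICY = {
    RSA_V15: "weak",
    RSA_OAEP_MGF1P: "ok",
    RSA_OAEP_11: "ok",
}


def audit_key_transport(saml_xml: str):
    """Return [(algorithm_uri, verdict), ...] for every xenc:EncryptedKey in the document.

    EncryptedKey may sit as a sibling of EncryptedData under saml:EncryptedAssertion
    or inside ds:KeyInfo; iterating the whole tree finds both placements. Only the
    EncryptionMethod that is a direct child of EncryptedKey is inspected, so the
    data-encryption algorithm on EncryptedData is never mistaken for key transport.
    """
    root = ET.fromstring(saml_xml)
    findings = []
    for encrypted_key in root.iter(f"{{{XENC}}}EncryptedKey"):
        method = encrypted_key.find(f"{{{XENC}}}EncryptionMethod")
        algorithm = method.get("Algorithm") if method is not None else None
        findings.append((algorithm, KEY_TRANSPORT_POLICY.get(algorithm, "unknown")))
    return findings


def has_weak_key_transport(saml_xml: str) -> bool:
    """True if any EncryptedKey uses rsa-1_5 or an algorithm the policy does not know."""
    return any(verdict != "ok" for _, verdict in audit_key_transport(saml_xml))


def sample_encrypted_assertion(key_transport_alg: str) -> str:
    """Constructed sample: an EncryptedAssertion with a sibling EncryptedKey (placeholder ciphertext)."""
    return f"""
<saml:EncryptedAssertion xmlns:saml="{SAML}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">
  <xenc:EncryptedData Type="{XENC}Element">
    <xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/>
    <ds:KeyInfo>
      <ds:RetrievalMethod Type="{XENC}EncryptedKey" URI="#ek1"/>
    </ds:KeyInfo>
    <xenc:CipherData><xenc:CipherValue>c2FtcGxlLWNpcGhlcnRleHQ=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedKey Id="ek1">
    <xenc:EncryptionMethod Algorithm="{key_transport_alg}"/>
    <xenc:CipherData><xenc:CipherValue>d3JhcHBlZC1rZXk=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
</saml:EncryptedAssertion>
"""


if __name__ == "__main__":
    for alg in (RSA_V15, RSA_OAEP_MGF1P, RSA_OAEP_11):
        doc = sample_encrypted_assertion(alg)
        for uri, verdict in audit_key_transport(doc):
            print(f"{verdict:8} {uri}")
```

Run it against a captured SAML response instead of the constructed sample to see what a given AM build actually produces; until the fix lands, an AM-generated EncryptedAssertion will report rsa-1_5 as weak.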

              People

               • Assignee: Peter Major (Inactive)
               • Reporter: Tasos Kampas
               • Votes: 0
               • Watchers: 11
