  1. OpenAM
  2. OPENAM-15319

Ensure AES GCM encryption method can be used to encrypt SAML JWTs

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 7.0.0
    • Fix Version/s: 7.0.0
    • Component/s: None

      Description

      Currently the AES-256 GCM encryption algorithm cannot be used to encrypt the SAML authnRequest JWTs because of an encryption key type mismatch (the encryption code expects an AES key, but AM OOTB stores keys using the RAW algorithm).

      The encryption/decryption should be able to convert RAW keys to AES keys when the key material is available (getEncoded() returns a non-null value). When the key material is not available, the key should be left as is.
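
      The conversion rule described above, as an added example that is not OpenAM's code or the actual fix: the class name, the helper `toAesKeyIfPossible` and the sample key and payload are assumptions constructed for illustration, using only standard JCA classes.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.SecureRandom;

public class RawToAesKeyExample {

    // Hypothetical helper, not OpenAM code: relabel a RAW key as AES when its bytes are exportable.
    static Key toAesKeyIfPossible(Key key) {
        if (!"RAW".equalsIgnoreCase(key.getAlgorithm())) {
            return key;                       // already typed (e.g. AES): nothing to do
        }
        byte[] material = key.getEncoded();
        if (material == null) {
            return key;                       // material not available: leave the key as is
        }
        return new SecretKeySpec(material, "AES"); // SecretKeySpec copies the bytes
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] keyBytes = new byte[32];       // constructed 256-bit sample key
        rng.nextBytes(keyBytes);
        Key stored = new SecretKeySpec(keyBytes, "RAW"); // mimics a key stored with algorithm RAW

        Key aesKey = toAesKeyIfPossible(stored);
        System.out.println("algorithm after conversion: " + aesKey.getAlgorithm());

        byte[] iv = new byte[12];             // 96-bit nonce, must be unique per key
        rng.nextBytes(iv);
        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        byte[] ct = enc.doFinal("constructed sample payload".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance("AES/GCM/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, aesKey, new GCMParameterSpec(128, iv));
        System.out.println("round trip: " + new String(dec.doFinal(ct), StandardCharsets.UTF_8));

        // A key whose material cannot be exported (getEncoded() == null) is returned unchanged.
        SecretKey opaque = new SecretKey() {
            public String getAlgorithm() { return "RAW"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };
        System.out.println("opaque key untouched: " + (toAesKeyIfPossible(opaque) == opaque));
    }
}
```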

            People

            • Assignee:
              peter.major Peter Major [X] (Inactive)
              Reporter:
              peter.major Peter Major [X] (Inactive)