You're almost there! Please answer a few more questions for access to the Applications content. Complete registration
Interested in joining? Complete your registration by providing Areas of Interest here. Register

How do I ensure Storefront SSO uses SHA256 SAML request encryption?

Summary:

We're upgrading our Keycloak Server for SSO to 25 and with that, the Java runtime. Since Java 17, SHA1 algorithms were removed.

The Storefront is sending the SAML request with a SHA1 encryption and this is causing errors. How can I change it to use SHA256?

Content (please ensure you mask any confidential information):

Example SAML request data from Storefront:

<?xml version="1.0" encoding="UTF-8" standalone="no"?><samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" Destination="http://keycloak.localhost/realms/occ-dev/protocol/saml" ID="OCCS_6dad7ce5-2485-4324-bb94-c1820e1bb9ab" IssueInstant="2024-10-02T11:44:10Z" Version="2.0">    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://f1497597c1dev-store.occa.ocs.oraclecloud.com</saml:Issuer>    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">        <dsig:SignedInfo>            <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>            <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>            <dsig:Reference URI="#OCCS_6dad7ce5-2485-4324-bb94-c1820e1bb9ab">                <dsig:Transforms>                    <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>                    <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>                </dsig:Transforms>                <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>                <dsig:DigestValue>REDACTED</dsig:DigestValue>           

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!