SAML Encryption Block Algorithm.

Article ID: 208839

Products

CA Single Sign On Federation (SiteMinder), CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign-On

Issue/Introduction

A customer is trying to set up a partnership with a "vendor" (not SiteMinder) that only has the following "Encryption Block Algorithm" options for assertion encryption, and they would like to know how we can configure the partnership to work with these encryption options.

AES128_CBC
AES192_CBC
AES256_CBC
AES128_GCM
AES192_GCM
AES256_GCM

As per our SiteMinder documentation and the Administrative UI, we only support the following.

SiteMinder supports: 3DES, AES-128 and AES-256

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/using/administrative-ui/federation-partnerships-reference/signature-and-encryption-dialog-saml-2-0-idp.html


- Could you please let us know whether we support these Encryption Block Algorithms or not? Our customer's partner can use these Encryption Block Algorithms (with CBC and GCM), while we only support 3DES, AES-128 and AES-256 as documented.

Environment

Release : 12.8.03

Component : SITEMINDER FEDERATION SECURITY SERVICES

Resolution

SiteMinder supports the following block algorithms for encryption:

- AES128_CBC and AES256_CBC

These are shown as AES-128 and AES-256 on the partnership screen of the Administrative UI.

Note that AES192_CBC is NOT supported in any SiteMinder release.

SiteMinder version 12.8.05 (12.8 SP5) adds support for the following new encryption algorithms in SAML 2.0 partnership federation:

- AES-128-GCM, AES-192-GCM and AES-256-GCM

Here is the screenshot from the 12.8.05 Administrative UI.
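To check a partner's advertised options against the support described above, the following added example (not from the original article or from SiteMinder) reads the `EncryptionMethod` entries in SAML 2.0 metadata and reports which ones a given release can use. It assumes the vendor's names correspond to the standard W3C XML Encryption algorithm URIs; the metadata, the entityID and the function name `common_algorithms` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
ENC = "http://www.w3.org/2001/04/xmlenc#"      # XML Encryption 1.0 URIs (CBC)
ENC11 = "http://www.w3.org/2009/xmlenc11#"     # XML Encryption 1.1 URIs (GCM)

# URI -> (Administrative UI label, first release with support), per this article.
# (0, 0, 0) = already present before 12.8.05; None = not supported in any release.
SUPPORT = {
    ENC + "tripledes-cbc": ("3DES", (0, 0, 0)),
    ENC + "aes128-cbc": ("AES-128", (0, 0, 0)),
    ENC + "aes192-cbc": (None, None),
    ENC + "aes256-cbc": ("AES-256", (0, 0, 0)),
    ENC11 + "aes128-gcm": ("AES-128-GCM", (12, 8, 5)),
    ENC11 + "aes192-gcm": ("AES-192-GCM", (12, 8, 5)),
    ENC11 + "aes256-gcm": ("AES-256-GCM", (12, 8, 5)),
}

# Constructed sample: a partner offering the six options listed in the article (KeyInfo omitted).
PARTNER_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes192-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def common_algorithms(metadata_xml, release):
    """Return ({uri: ui_label} usable in `release`, [block-cipher URIs not usable])."""
    have = tuple(int(p) for p in release.split("."))
    usable, rejected = {}, []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        if kd.get("use", "encryption") != "encryption":
            continue  # signing-only keys are irrelevant to assertion encryption
        for em in kd.iter(MD + "EncryptionMethod"):
            uri = em.get("Algorithm")
            if uri not in SUPPORT:
                continue  # e.g. key-transport methods, outside this article's scope
            label, since = SUPPORT[uri]
            if since is not None and have >= since:
                usable[uri] = label
            else:
                rejected.append(uri)
    return usable, rejected
```

For the sample metadata, release 12.8.03 leaves only AES-128 and AES-256 (CBC) in common, while 12.8.05 leaves everything except AES192_CBC.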


