The customer is trying to set up a partnership with a vendor (not SiteMinder) that offers only the following "Encryption Block Algorithm" options for assertion encryption, and would like to know how we can configure the partnership to work with these encryption options.
AES128_CBC
AES192_CBC
AES256_CBC
AES128_GCM
AES192_GCM
AES256_GCM
As per our SiteMinder documentation and the Administrative UI, we support only the following:
SiteMinder supports: 3DES, AES-128 and AES-256
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/using/administrative-ui/federation-partnerships-reference/signature-and-encryption-dialog-saml-2-0-idp.html
- Could you please let us know whether we support these Encryption Block Algorithms or not? The customer's partner can use these Encryption Block Algorithms (with CBC and GCM), while we only support 3DES, AES-128 and AES-256 as documented.
Release : 12.8.03
Component : SITEMINDER FEDERATION SECURITY SERVICES
SiteMinder supports the following block algorithms for encryption:
- AES128_CBC and AES256_CBC
These are represented as AES-128 and AES-256 on the Partnership screen of the Administrative UI.
Note that "AES192_CBC" is NOT supported in any SiteMinder release.
SiteMinder version 12.8.05 (12.8 SP5) adds support for the following new encryption algorithms in SAML 2.0 partnership federation:
- AES-128-GCM, AES-192-GCM and AES-256-GCM
Here is the screenshot from 12.8.05 version Administrative UI.
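To check a partner's advertised options against the support stated above, the following added example (not Broadcom or SiteMinder code) reads the EncryptionMethod entries from SAML 2.0 SP metadata and lists the block algorithms usable per release. The metadata sample and entity ID are constructed, and the release table only encodes what this article states for 12.8.03 and 12.8.05.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
XENC, XENC11 = "http://www.w3.org/2001/04/xmlenc#", "http://www.w3.org/2009/xmlenc11#"

# W3C XML Encryption algorithm URIs -> option names used in this article.
BLOCK_ALGS = {
    XENC + "aes128-cbc": "AES128_CBC", XENC + "aes192-cbc": "AES192_CBC",
    XENC + "aes256-cbc": "AES256_CBC", XENC11 + "aes128-gcm": "AES128_GCM",
    XENC11 + "aes192-gcm": "AES192_GCM", XENC11 + "aes256-gcm": "AES256_GCM",
}
# Support per release, exactly as stated in this article (AES192_CBC: never).
CBC = {"AES128_CBC", "AES256_CBC"}
GCM = {"AES128_GCM", "AES192_GCM", "AES256_GCM"}
SITEMINDER = {"12.8.03": CBC, "12.8.05": CBC | GCM}

# Constructed sample SP metadata (KeyInfo omitted for brevity).
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:KeyDescriptor use="encryption">
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes192-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def partner_block_algs(metadata_xml):
    """Block algorithms the partner advertises for encryption, in document order."""
    found = []
    for kd in ET.fromstring(metadata_xml).iter(MD + "KeyDescriptor"):
        if kd.get("use") not in (None, "encryption"):  # no 'use' means both purposes
            continue
        for em in kd.findall(MD + "EncryptionMethod"):
            # Key-transport URIs (e.g. rsa-oaep-mgf1p) share this element; skip them.
            name = BLOCK_ALGS.get(em.get("Algorithm"))
            if name and name not in found:
                found.append(name)
    return found

def usable(metadata_xml, release):
    """Advertised block algorithms that the given SiteMinder release supports."""
    return [a for a in partner_block_algs(metadata_xml) if a in SITEMINDER[release]]

if __name__ == "__main__":
    for rel in SITEMINDER:
        print(rel, usable(SAMPLE_METADATA, rel))
```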