The default digest algorithm used is the value configured in the global security configuration's {@link SecurityConfiguration#getSignatureReferenceDigestMethod()}, if available, otherwise it will be {@link SignatureConstants#ALGO_ID_DIGEST_SHA1}.
The default set of transforms applied consists of {@link SignatureConstants#TRANSFORM_ENVELOPED_SIGNATURE} and {@link SignatureConstants#TRANSFORM_C14N_EXCL_WITH_COMMENTS}.
When generating an exclusive canonicalization transform, an inclusive namespace list is generated from the namespaces used by the SAML object to be signed and all of its descendants, as retrieved from {@link org.opensaml.xml.XMLObject#getNamespaces()}.
Note that the SAML specification states that: 1) an exclusive canonicalization transform (either with or without comments) SHOULD be used; 2) transforms other than enveloped signature and one of the two exclusive canonicalizations SHOULD NOT be used. Careful consideration should be given before deviating from these recommendations.
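The following added example (not part of OpenSAML or of the original documentation) audits the `ds:Reference` elements of a signed document against the two recommendations above and reports when the digest is the SHA-1 fallback default. The names `audit_references` and `sample` are hypothetical, the XML inputs are constructed, and the URIs are assumed to be the standard XML Signature identifiers behind the `SignatureConstants` fields.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
EXC_C14N_COMMENTS = EXC_C14N + "WithComments"
INCL_C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"


def audit_references(xml_text):
    """Return (reference URI, finding) tuples for every ds:Reference."""
    findings = []
    for ref in ET.fromstring(xml_text).iter(DS + "Reference"):
        uri = ref.get("URI", "")
        transforms = [t.get("Algorithm") for t in ref.iter(DS + "Transform")]
        exclusive = [t for t in transforms if t in (EXC_C14N, EXC_C14N_COMMENTS)]
        # Recommendation 1: an exclusive c14n transform SHOULD be used.
        if not exclusive:
            findings.append((uri, "no exclusive c14n transform"))
        # Recommendation 2: nothing besides enveloped-signature and exclusive c14n.
        for t in transforms:
            if t != ENVELOPED and t not in exclusive:
                findings.append((uri, "transform outside recommendation: " + t))
        # SHA-1 is what is used when no global digest method is configured.
        digest = ref.find(DS + "DigestMethod")
        if digest is not None and digest.get("Algorithm") == SHA1:
            findings.append((uri, "digest is the SHA-1 fallback default"))
    return findings


def sample(transforms, digest):
    """Build a constructed ds:Signature skeleton (no real signature value)."""
    t = "".join('<ds:Transform Algorithm="%s"/>' % a for a in transforms)
    return ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '<ds:SignedInfo><ds:Reference URI="#_a1">'
            '<ds:Transforms>%s</ds:Transforms>'
            '<ds:DigestMethod Algorithm="%s"/>'
            '</ds:Reference></ds:SignedInfo></ds:Signature>' % (t, digest))


# Constructed inputs: the documented defaults, and a deviating reference.
DEFAULTS = sample([ENVELOPED, EXC_C14N_COMMENTS], SHA1)
DEVIATING = sample([ENVELOPED, INCL_C14N], SHA256)

if __name__ == "__main__":
    for name, doc in (("defaults", DEFAULTS), ("deviating", DEVIATING)):
        print(name, audit_references(doc))
```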