Changes to profile and algorithm defaults

Description

We plan to make several adjustments to the default profiles and security mechanisms used for new installs. These will not impact upgrades when done in accordance with the documentation.

The three widely agreed changes include:

  • disable SAML 1 by default

  • disable attribute queries by default

  • remove default support for use of PKIX at runtime

The tentatively agreed change is to switch the default XML encryption algorithm to AES-GCM. This is more open to discussion because it guarantees some effort by deployers to override that default for a variety of services, likely permanently.

Environment

None

Activity

Tom Zeller March 6, 2020 at 5:01 PM

Resolving as tests pass.

Scott Cantor February 21, 2020 at 4:59 PM

Over to Tom if there's still any test cleanup.

Scott Cantor February 21, 2020 at 4:58 PM

I changed the GCM default today.

Tom Zeller January 28, 2020 at 2:39 AM

I need to adjust the attribute query integration tests to enable attribute queries when testing IdP V4.

Completed

Details

Created December 23, 2019 at 6:47 PM
Updated March 11, 2020 at 2:10 PM
Resolved March 6, 2020 at 5:01 PM