A SignatureProperties object can be defined on the STSPropertiesMBean. Note that this is unrelated to the signaturePropertiesFile property of StaticSTSProperties. This class provides some configuration relating to the signing of an issued token, as well as symmetric key generation. It has the following properties:
- boolean useKeyValue - Whether to use a KeyValue or not to refer to a certificate in a signature. The default is false.
- long keySize - The (default) key size to use when generating a symmetric key. The default is 256 bits.
- long minimumKeySize - The minimum key size to use when generating a symmetric key. The requestor can specify a KeySize value to use. The default is 128 bits.
- long maximumKeySize - The maximum key size to use when generating a symmetric key. The requestor can specify a KeySize value to use. The default is 512 bits.
- signatureAlgorithm - Signature algorithm preferred by the client. Default value is rsa-sha1
- acceptedSignatureAlgorithms - Alternative signature algorithms that may be used by the STS.
- c14nAlgorithm - Canonicalization algorithm (default c14n-excl-omit-comments) preferred by the client.
- acceptedC14nAlgorithms - Alternative canonicalization algorithms that may be used by the STS.
For example, when the client sends a "KeySize" element to the STS when requesting a SAML Token (and sending a SymmetricKey KeyType URI), the SAMLTokenProvider will check that the requested keysize falls in between the minimum and maximum key sizes defined above. If it does not, then the default key size is used.