SignatureProperties - 7.1

Talend ESB STS User Guide

Author: Talend Documentation Team
Version: 7.1
Products: Talend Data Fabric, Talend Data Services Platform, Talend ESB, Talend MDM Platform, Talend Open Studio for ESB, Talend Real-Time Big Data Platform
Tasks: Design and Development, Installation and Upgrade
Platforms: Talend ESB, Talend Runtime

A SignatureProperties object can be defined on the STSPropertiesMBean. Note that this is unrelated to the signaturePropertiesFile property of StaticSTSProperties. This class provides some configuration relating to the signing of an issued token, as well as symmetric key generation. It has the following properties:

  • boolean useKeyValue - Whether to use a KeyValue or not to refer to a certificate in a signature. The default is false.
  • long keySize - The (default) key size to use when generating a symmetric key. The default is 256 bits.
  • long minimumKeySize - The minimum key size to use when generating a symmetric key. The requestor can specify a KeySize value to use. The default is 128 bits.
  • long maximumKeySize - The maximum key size to use when generating a symmetric key. The requestor can specify a KeySize value to use. The default is 512 bits.
  • signatureAlgorithm - Signature algorithm preferred by the client. The default value is rsa-sha1.
  • acceptedSignatureAlgorithms - Alternative signature algorithms that may be used by the STS.
  • c14nAlgorithm - Canonicalization algorithm (default c14n-excl-omit-comments) preferred by the client.
  • acceptedC14nAlgorithms - Alternative canonicalization algorithms that may be used by the STS.

For example, when the client sends a "KeySize" element to the STS when requesting a SAML Token (and sends a SymmetricKey KeyType URI), the SAMLTokenProvider checks that the requested key size falls between the minimum and maximum key sizes defined above. If it does not, the default key size is used.
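
The following added example (not Talend or CXF code) models the key size rule described above and shows a configuration check that follows from it: because an out-of-range request falls back to the default, the default itself has to lie within the bounds. `KeySizePolicy` and its methods are hypothetical names; the sketch assumes the bounds are inclusive and that the fallback default is not re-checked against them.

```java
import java.util.ArrayList;
import java.util.List;

/** Added illustration; KeySizePolicy is a hypothetical stand-in, not a Talend or CXF class. */
public class KeySizePolicy {
    final long keySize, minimumKeySize, maximumKeySize;   // all sizes in bits

    KeySizePolicy(long keySize, long minimumKeySize, long maximumKeySize) {
        this.keySize = keySize;
        this.minimumKeySize = minimumKeySize;
        this.maximumKeySize = maximumKeySize;
    }

    /** Rule from the text: a requested KeySize outside [min, max] is replaced by the default. */
    long effectiveKeySize(Long requested) {
        if (requested == null) {
            return keySize;                                // request carried no KeySize element
        }
        if (requested < minimumKeySize || requested > maximumKeySize) {
            return keySize;                                // out of range: fall back to the default
        }
        return requested;                                  // in range (bounds assumed inclusive)
    }

    /** Consistency checks an operator can run on the three values before deploying them. */
    List<String> audit() {
        List<String> findings = new ArrayList<>();
        if (minimumKeySize > maximumKeySize) {
            findings.add("minimumKeySize exceeds maximumKeySize, so every request falls back to the default");
        }
        if (keySize < minimumKeySize || keySize > maximumKeySize) {
            findings.add("default keySize lies outside the configured bounds");
        }
        return findings;
    }

    public static void main(String[] args) {
        KeySizePolicy defaults = new KeySizePolicy(256, 128, 512);   // defaults listed above
        Long[] requests = {null, 64L, 128L, 192L, 512L, 1024L};      // constructed sample requests
        for (Long r : requests) {
            System.out.printf("requested=%s -> issued=%d bits%n", r, defaults.effectiveKeySize(r));
        }
        // Constructed misconfiguration: the minimum was raised but the default was left behind.
        KeySizePolicy raisedFloor = new KeySizePolicy(128, 256, 512);
        System.out.println("requested=64 -> issued=" + raisedFloor.effectiveKeySize(64L)
                + " bits; findings: " + raisedFloor.audit());
    }
}
```

Under this rule the requestor receives no error for an out-of-range KeySize, so the size of the issued key is the only place the fallback becomes visible.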