allow change assertion encrypt algorithm

crewjam · Jun 20, 2024 · c3d51ea · c3d51ea
1 parent a32b643
commit c3d51ea
Showing 1 changed file with 8 additions and 1 deletion.
diff --git a/identity_provider.go b/identity_provider.go
@@ -106,6 +106,7 @@ type IdentityProvider struct {
 	SessionProvider         SessionProvider
 	AssertionMaker          AssertionMaker
 	SignatureMethod         string
+	AssertionDigestMethod   *xmlenc.DigestMethod
 	ValidDuration           *time.Duration
 }
 
@@ -867,7 +868,13 @@ func (req *IdpAuthnRequest) MakeAssertionEl() error {
 
 	encryptor := xmlenc.OAEP()
 	encryptor.BlockCipher = xmlenc.AES128CBC
-	encryptor.DigestMethod = &xmlenc.SHA1
+	// Default to using SHA1 if the signature method isn't set.
+	if req.IDP.AssertionDigestMethod == nil {
+		encryptor.DigestMethod = &xmlenc.SHA1
+	} else {
+		encryptor.DigestMethod = *req.IDP.AssertionDigestMethod
+	}
+
 	encryptedDataEl, err := encryptor.Encrypt(certBuf, signedAssertionBuf, nil)
 	if err != nil {
 		return err