By hiroshi - 11/24/2019
Is it possible to reject SHA-1 signature at SAMLMessageSignature.Verify. I am using public static bool Verify(XmlElement xmlElement, X509Certificate2 x509Certificate); in SAMLMessageSignature class. It looks like this method succeeds regardless of the signature algorithm as far as any algorithm is declared in the response.
I would like to reject SHA-1 signature (weak), but I do not find such override method or configuration method. Is it possible?
|
By ComponentSpace - 11/26/2019
You're welcome.
|
|