Forums, Documentation & Knowledge Base - ComponentSpace

Reject SHA-1 signature at SAMLMessageSignature.Verify


https://componentspace.com/forums/Topic10467.aspx

By hiroshi - 11/24/2019

Is it possible to reject SHA-1 signature at SAMLMessageSignature.Verify.
I am using public static bool Verify(XmlElement xmlElement, X509Certificate2 x509Certificate); in SAMLMessageSignature class.
It looks like this method succeeds regardless of the signature algorithm as far as any algorithm is declared in the response.

I would like to reject SHA-1 signature (weak), but I do not find such override method or configuration method.
Is it possible?

By ComponentSpace - 11/26/2019

You're welcome.