SAML2 is failing due to "rsa-sha1" and "secured validation"
-
When getting a SAMLv2 certificate that is using a sha1 algorithm I get this error:
Caused by: javax.xml.crypto.MarshalException: It is forbidden to use algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 when secure validation is enabled
I have tried to look for documentation about the 'secured validation' and all I come up with is this:
https://fusionauth.io/docs/v1/tech/admin-guide/securing
This is only valid if I am setting up my own instance of FusionAuth, but I am using the hosted one, which means I do not have access to these things.
Is this something that can be remedied on our FusionAuth, or is there something I am missing?
-
The
http://www.w3.org/2000/09/xmldsig#rsa-sha1
algorithm has been removed as of Java 17. More details:
https://github.com/FusionAuth/fusionauth-site/issues/1202
https://fusionauth.io/docs/v1/tech/release-notes#version-1-32-0
This error means you are using a SAML v2 IdP that is signing their Authn response with RSA-SHA1. The best way to solve this is to change the signing configuration if you have access to that, or request the owner of that IdP sign their response using a more secure, modern algorithm.
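Since a hosted-FusionAuth user cannot change the secure-validation policy, the practical step is to confirm which algorithm the IdP actually signs with before asking its owner to change it. The following is an added example (not from this thread, FusionAuth, or the JDK) that inspects the `ds:SignatureMethod` and `ds:DigestMethod` URIs in a captured SAML response and flags the SHA-1 based ones. The two sample responses are constructed, with placeholder signature and digest values; the set of flagged URIs assumes that the other SHA-1 XML-DSig variants are rejected alongside `rsa-sha1` under Java's secure validation, which is an assumption beyond what the answer above states.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# SHA-1 based XML-DSig algorithm URIs. rsa-sha1 is the one named in the error
# above; the rest are the other SHA-1 variants (assumption: all of them are
# rejected once Java's secure validation policy disallows SHA-1).
SHA1_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#hmac-sha1",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",  # DigestMethod, not a signature
}


def find_signature_algorithms(xml_text: str) -> dict:
    """Collect the SignatureMethod and DigestMethod URIs of every ds:Signature
    in the document (a response may carry one on the Response and one on
    the Assertion)."""
    root = ET.fromstring(xml_text)
    signature = [e.get("Algorithm") for e in root.iter(f"{{{DS_NS}}}SignatureMethod")]
    digest = [e.get("Algorithm") for e in root.iter(f"{{{DS_NS}}}DigestMethod")]
    return {"signature": signature, "digest": digest}


def weak_algorithms(xml_text: str) -> list:
    """Return the sorted list of SHA-1 based algorithm URIs the document uses;
    an empty list means the IdP's signing setup would not trip this error."""
    found = find_signature_algorithms(xml_text)
    return sorted(a for a in found["signature"] + found["digest"] if a in SHA1_ALGORITHMS)


def _sample_response(sig_alg: str, digest_alg: str) -> str:
    # Constructed minimal SAML Response; signature and digest values are placeholders.
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="{DS_NS}" ID="_constructed-response">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{sig_alg}"/>
      <ds:Reference URI="#_constructed-response">
        <ds:DigestMethod Algorithm="{digest_alg}"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</samlp:Response>"""


# The case from the question: RSA-SHA1 signature with a SHA-1 digest.
SHA1_RESPONSE = _sample_response(
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
)

# What the answer asks the IdP owner to move to: RSA-SHA256 with a SHA-256 digest.
SHA256_RESPONSE = _sample_response(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256",
)


if __name__ == "__main__":
    for name, doc in (("sha1", SHA1_RESPONSE), ("sha256", SHA256_RESPONSE)):
        weak = weak_algorithms(doc)
        verdict = "would fail secure validation" if weak else "ok"
        print(f"{name}: {verdict} {weak}")
```

To check a real response, decode the Base64 `SAMLResponse` form field from the browser's POST to the FusionAuth ACS endpoint and pass the resulting XML to `weak_algorithms`; the printed URIs are exactly what to quote to the IdP owner when requesting the change to a SHA-256 based algorithm.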