UNSOLVED SAML2 is failing due to "rsa-sha1" and "secured validation"
When getting a SAMLv2 certificate that is using a sha1 algorithm i get this error:
Caused by: javax.xml.crypto.MarshalException: It is forbidden to use algorithm http://www.w3.org/2000/09/xmldsig#rsa-sha1 when secure validation is enabled
I have tried to look for documentation about the 'secured validation' and all i come up with is this :
This is only valid if i am setting up my own instance of fusionauth but I am using the hosted which means i do not have access to these things.
Is this something that can be remedied on our Fusionauth, is there something I am missing?
dan last edited by
http://www.w3.org/2000/09/xmldsig#rsa-sha1algorithm has been removed as of Java 17.
This error means you are using an SAML v2 IdP that is signing their Authn response with RSA-SHA1. The best way to solve this is to change the signing configuration if you have access to that, or request the owner of that IdP sign their response using a more secure, modern algorithm.