3

I'm currently looking at the security of a KeyCloak implementation, which again uses a SAML 2.0 identity provider.

I'm not too familiar with SAML, but during the authentication, the sent SAMLRequest states SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1.

Reading through the SAML documentation, I understood that this is used for the SimpleSign signature.

Therefore I'd consider this a security threat, with SHA1 being considered as broken.

Is my assumption correct, when I say SHA1 for the SimpleSign algorithm poses a security threat and should be replaced by SHA256?

Filipe dos Santos
GarlicCheese
  • 1
    See also [How secure is SHA1?](https://crypto.stackexchange.com/questions/48289/how-secure-is-sha1-what-are-the-chances-of-a-real-exploit), which briefly mentions SAML. – Sjoerd Feb 27 '19 at 10:03

1 Answer

5

I work as a security consultant for SAML 2.0 implementations on a daily basis, mainly for business scenarios. That said, most security teams are OK using SHA-1 for the same reasons described in this post (which was already mentioned in a comment).

On the other hand, using SHA-256 is a security best practice for SAML 2.0 scenarios, and multiple Identity Provider vendors are enforcing the usage of SHA-256 as the default algorithm.

Since for most scenarios (especially for cloud systems) the impact of changing the algorithm is minimal, I can't see why not use the SHA-256 algorithm for a new implementation from the start.

Filipe dos Santos
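To find which clients still send SHA-1 signed requests before switching them to SHA-256, the following added example (not part of the original question or answer) reads the `SigAlg` parameter from a captured SAML URL and decodes the `SAMLRequest` to show which issuer sent it. It assumes the message travels in the HTTP-Redirect binding (base64 over raw DEFLATE); the hosts, request ID and `Signature` value in `build_sample` are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

# W3C XML-DSig signature algorithm URIs mapped to the digest each one uses.
SIG_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "sha1",
    "http://www.w3.org/2000/09/xmldsig#dsa-sha1": "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384": "sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512": "sha512",
    "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256": "sha256",
}
SAML_ISSUER = "{urn:oasis:names:tc:SAML:2.0:assertion}Issuer"

def audit_redirect(url):
    """Report the signature algorithm and sender of one captured SAML redirect URL."""
    params = parse_qs(urlsplit(url).query)  # also undoes the %3A%2F%2F encoding
    sig_alg = params.get("SigAlg", [None])[0]
    digest = SIG_ALGS.get(sig_alg)
    report = {"sig_alg": sig_alg, "digest": digest,
              "signed": "Signature" in params,
              # SHA-1, missing and unrecognised algorithms all need a human look.
              "flag": digest in (None, "sha1"),
              "issuer": None, "request_id": None}
    message = params.get("SAMLRequest", [None])[0]
    if message:
        # HTTP-Redirect binding: base64 over raw DEFLATE (no zlib header).
        xml = zlib.decompress(base64.b64decode(message), -15)
        if b"<!DOCTYPE" in xml:
            raise ValueError("DTD in SAML message, refusing to parse")
        root = ET.fromstring(xml)
        report["issuer"] = root.findtext(SAML_ISSUER)
        report["request_id"] = root.get("ID")
    return report

def build_sample(sig_alg):
    """Constructed redirect URL; hosts, ID and Signature value are made up."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
           'ID="_constructed1" Version="2.0">'
           '<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)
    deflated = deflater.compress(xml.encode()) + deflater.flush()
    return "https://idp.example.test/sso?" + urlencode({
        "SAMLRequest": base64.b64encode(deflated).decode(),
        "SigAlg": sig_alg, "Signature": "Y29uc3RydWN0ZWQ="})

if __name__ == "__main__":
    print(audit_redirect(build_sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1")))
```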