By default, AES128 (Advanced Encryption Standard, 128-bit) is used to encrypt SAML assertions. If you require a different encryption method, such as TDES (Triple Data Encryption Algorithm) or AES256 (Advanced Encryption Standard, 256-bit), you can modify the Tomcat web.xml file and specify the required method. To use PKCS 2.0 (RSA-OAEP) for encryption, see TID.
Open the Identity Server web.xml file.
Add the following lines to the file:
<context-param>
    <param-name>EncryptionMethod</param-name>
    <param-value>AES256</param-value>
</context-param>
You can set the <param-value> element to AES128 or AES256. Because AES128 is the default, specifying this value in the web.xml file does not change any behavior.
For information about how to edit a file, see Modifying Configurations in the NetIQ Access Manager CE 24.2 (v5.1) Administration Guide.
The following encryption method algorithms are supported (the aes*-cbc identifiers are data encryption algorithms; the rsa-oaep identifiers are key transport algorithms):
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep"/>
<md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
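The procedure above (adding the EncryptionMethod context-param) and the algorithm list are easy to get subtly wrong by hand: a misspelled value silently falls back to the default, and re-running an edit can leave two context-params with the same name. The following Python script is an added example, not part of this documentation or of the Access Manager product; it reads a web.xml, reports the effective encryption method (AES128 when the parameter is absent), sets the parameter idempotently, rejects values the documentation does not list, and maps the configured value to the XML Encryption identifier from the supported-algorithm list. The sample web.xml contents and the ExampleExistingParam name are constructed for the demonstration, and the file path is the operator's own Identity Server web.xml.

```python
import xml.etree.ElementTree as ET

PARAM_NAME = "EncryptionMethod"
# Values the web.xml context-param accepts, per the documentation above.
SUPPORTED = ("AES128", "AES256")
DEFAULT_METHOD = "AES128"  # used when the context-param is absent

# XML Encryption identifiers from the supported-algorithm list on this page.
# The two AES entries are data encryption; the RSA-OAEP entries are key transport.
DATA_ENCRYPTION_URI = {
    "AES128": "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
    "AES256": "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
}
KEY_TRANSPORT_URIS = (
    "http://www.w3.org/2001/04/xmlenc#rsa-oaep",
    "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p",
)

# Constructed stand-in for the Identity Server web.xml (hypothetical contents).
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <display-name>nidp</display-name>
  <context-param>
    <param-name>ExampleExistingParam</param-name>
    <param-value>unchanged</param-value>
  </context-param>
</web-app>
"""


def _ns(root):
    """Return '{uri}' for the document's default namespace, or '' if there is none."""
    return root.tag[: root.tag.index("}") + 1] if root.tag.startswith("{") else ""


def _find_param(root, ns, name):
    """Return the <context-param> whose <param-name> equals name, else None."""
    for cp in root.findall(f"{ns}context-param"):
        pn = cp.find(f"{ns}param-name")
        if pn is not None and (pn.text or "").strip() == name:
            return cp
    return None


def count_params(xml_text, name):
    """Number of <context-param> entries named name (should never exceed 1)."""
    root = ET.fromstring(xml_text)
    ns = _ns(root)
    total = 0
    for cp in root.findall(f"{ns}context-param"):
        pn = cp.find(f"{ns}param-name")
        if pn is not None and (pn.text or "").strip() == name:
            total += 1
    return total


def effective_encryption_method(xml_text):
    """Value the server will use: the configured one, or AES128 when unset."""
    root = ET.fromstring(xml_text)
    ns = _ns(root)
    cp = _find_param(root, ns, PARAM_NAME)
    if cp is None:
        return DEFAULT_METHOD
    pv = cp.find(f"{ns}param-value")
    return (pv.text or "").strip() if pv is not None else DEFAULT_METHOD


def set_encryption_method(xml_text, method):
    """Return web.xml text with EncryptionMethod set to method, updating in place if present."""
    if method not in SUPPORTED:
        raise ValueError(f"unsupported EncryptionMethod {method!r}; use one of {SUPPORTED}")
    root = ET.fromstring(xml_text)
    ns = _ns(root)
    if ns:
        # Keep the default namespace unprefixed on output instead of an ns0: prefix.
        ET.register_namespace("", ns[1:-1])
    cp = _find_param(root, ns, PARAM_NAME)
    if cp is None:
        cp = ET.SubElement(root, f"{ns}context-param")
        ET.SubElement(cp, f"{ns}param-name").text = PARAM_NAME
        ET.SubElement(cp, f"{ns}param-value").text = method
    else:
        pv = cp.find(f"{ns}param-value")
        if pv is None:
            pv = ET.SubElement(cp, f"{ns}param-value")
        pv.text = method
    if hasattr(ET, "indent"):  # pretty-print on Python 3.9+
        ET.indent(root, space="  ")
    # Serialised without the XML declaration; prepend one when writing the file back.
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    updated = set_encryption_method(SAMPLE_WEB_XML, "AES256")
    method = effective_encryption_method(updated)
    print(f"EncryptionMethod={method} -> {DATA_ENCRYPTION_URI[method]}")
    print(updated)
```

To apply it to a real deployment, read the Identity Server web.xml into a string, pass it to set_encryption_method, and write the result back with an XML declaration; running the script twice leaves exactly one EncryptionMethod entry, which is the property a hand edit does not guarantee.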