Expected Behavior
Using spring-security in application acting as a SAML SP, it should be possible to choose RSA_SHA1 (http://www.w3.org/2000/09/xmldsig#rsa-sha1) as authnrequest sign algorithm.
Current Behavior
Sign algorithm is not configurable and spring-security is always using RSA_SHA256 (http://www.w3.org/2001/04/xmldsig-more#rsa-sha256)
Context
RSA_SHA256 by default is fine most of the time, but it seems some IDPs, or the way they are configured by users, mandate the use of other algorithms (at least we saw RSA_SHA1). It seems making the sign algorithm configurable would improve spring-security interoperability with IDP configurations.
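An added example, not code from the issue or the spring-security project: a small audit helper that reports which XML-DSig algorithm a SAML AuthnRequest actually carries (the two URIs named above), for either the HTTP-POST binding (enveloped ds:Signature) or the HTTP-Redirect binding (SigAlg query parameter), and flags the SHA-1 variant. The sample request and URL are constructed here; their signature values are placeholders.

```python
import xml.etree.ElementTree as ET
from typing import Optional
from urllib.parse import parse_qs, urlparse

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Algorithms an operator would want flagged when an IdP forces them: SHA-1 based RSA.
DEPRECATED = {RSA_SHA1}


def algorithm_from_post_binding(xml_text: str) -> Optional[str]:
    """Return ds:SignatureMethod/@Algorithm of an enveloped signature (HTTP-POST binding)."""
    root = ET.fromstring(xml_text)
    node = root.find(f".//{{{DS}}}SignatureMethod")
    return None if node is None else node.get("Algorithm")


def algorithm_from_redirect_binding(url: str) -> Optional[str]:
    """HTTP-Redirect binding carries the algorithm in the SigAlg query parameter."""
    values = parse_qs(urlparse(url).query).get("SigAlg")
    return values[0] if values else None


def assess(algorithm: Optional[str]) -> str:
    """Classify a negotiated algorithm: unsigned, deprecated (SHA-1), or ok."""
    if algorithm is None:
        return "unsigned"
    return "deprecated" if algorithm in DEPRECATED else "ok"


# Constructed sample AuthnRequest (assumption); the SignatureValue is a placeholder, not a real signature.
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_example1" Version="2.0" IssueInstant="2020-10-01T00:00:00Z">
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{RSA_SHA1}"/>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</samlp:AuthnRequest>"""

# Constructed redirect URL (assumption) with a percent-encoded SigAlg of RSA_SHA256.
SAMPLE_REDIRECT_URL = ("https://idp.example/sso?SAMLRequest=PLACEHOLDER&SigAlg="
                       "http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=PLACEHOLDER")

if __name__ == "__main__":
    print(assess(algorithm_from_post_binding(SAMPLE_AUTHN_REQUEST)))    # deprecated
    print(assess(algorithm_from_redirect_binding(SAMPLE_REDIRECT_URL)))  # ok
```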
Comment From: jzheaux
@amergey thanks for the suggestion.
I think the place to add this is in Saml2AuthenticationRequestContext. To change the algorithm, the application would register a custom Saml2AuthenticationRequestContextResolver.
Would you be able to provide a PR that adds this support to Saml2AuthenticationRequestContext.Builder and OpenSamlAuthenticationRequestFactory?
Comment From: amergey
Hi @jzheaux I will try to provide a PR for this.
Comment From: amergey
I started this PR https://github.com/spring-projects/spring-security/pull/9039