diff --git a/bitwarden_license/src/Portal/Models/SsoConfigDataViewModel.cs b/bitwarden_license/src/Portal/Models/SsoConfigDataViewModel.cs
index 7affbc3bff..7dac334487 100644
--- a/bitwarden_license/src/Portal/Models/SsoConfigDataViewModel.cs
+++ b/bitwarden_license/src/Portal/Models/SsoConfigDataViewModel.cs
@@ -47,6 +47,7 @@ namespace Bit.Portal.Models
 SpSigningBehavior = configurationData.SpSigningBehavior;
 SpWantAssertionsSigned = configurationData.SpWantAssertionsSigned;
 SpValidateCertificates = configurationData.SpValidateCertificates;
+ SpMinIncomingSigningAlgorithm = configurationData.SpMinIncomingSigningAlgorithm ?? SamlSigningAlgorithms.Sha256;
 }
 [Required]
@@ -86,6 +87,8 @@ namespace Bit.Portal.Models
 public bool SpWantAssertionsSigned { get; set; }
 [Display(Name = "SpValidateCertificates")]
 public bool SpValidateCertificates { get; set; }
+ [Display(Name = "MinIncomingSigningAlgorithm")]
+ public string SpMinIncomingSigningAlgorithm { get; set; }
 // SAML2 IDP
 [Display(Name = "EntityId")]
@@ -211,6 +214,7 @@ namespace Bit.Portal.Models
 SpSigningBehavior = SpSigningBehavior,
 SpWantAssertionsSigned = SpWantAssertionsSigned,
 SpValidateCertificates = SpValidateCertificates,
+ SpMinIncomingSigningAlgorithm = SpMinIncomingSigningAlgorithm,
 };
 }
diff --git a/bitwarden_license/src/Portal/Views/Sso/Index.cshtml b/bitwarden_license/src/Portal/Views/Sso/Index.cshtml
index 775a1aa178..58743d9e93 100644
--- a/bitwarden_license/src/Portal/Views/Sso/Index.cshtml
+++ b/bitwarden_license/src/Portal/Views/Sso/Index.cshtml
@@ -194,6 +194,13 @@ class="form-control"> +
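Review bot: `SpMinIncomingSigningAlgorithm` is added in the second hunk of SsoConfigDataViewModel.cs as a free-form `string` carrying only `[Display]`, and the object initializer in the third hunk copies the posted value unchanged, so nothing visible here limits it to the algorithm identifiers the portal offers. Because this setting decides the weakest signature algorithm accepted on incoming SAML messages, the model should reject any value outside that fixed list on the server rather than rely on the form's choices. The null handling is also one-sided: the constructor hunk falls back with `?? SamlSigningAlgorithms.Sha256`, but the write path does not, and the guard added in DynamicAuthenticationSchemeProvider.cs skips blank values, which presumably leaves the SAML library's own default in force. Mirroring the fallback on write would keep both directions consistent: `SpMinIncomingSigningAlgorithm = string.IsNullOrWhiteSpace(SpMinIncomingSigningAlgorithm) ? SamlSigningAlgorithms.Sha256 : SpMinIncomingSigningAlgorithm,`. All three enclosing members start outside their hunks, so any validation elsewhere in the class is not visible from here.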
+
+ + +
+
diff --git a/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs b/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs
index 959e838fca..8dc2670ed6 100644
--- a/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs
+++ b/bitwarden_license/src/Sso/Utilities/DynamicAuthenticationSchemeProvider.cs
@@ -9,6 +9,7 @@ using Bit.Core.Enums;
 using Bit.Core.Models.Data;
 using Bit.Core.Models.Table;
 using Bit.Core.Repositories;
+using Bit.Core.Sso;
 using Bit.Sso.Models;
 using Bit.Sso.Utilities;
 using IdentityModel;
@@ -358,6 +359,10 @@ namespace Bit.Core.Business.Sso
 AuthenticateRequestSigningBehavior = GetSigningBehavior(config.SpSigningBehavior),
 ValidateCertificates = config.SpValidateCertificates,
 };
+ if (!string.IsNullOrWhiteSpace(config.SpMinIncomingSigningAlgorithm))
+ {
+ spOptions.MinIncomingSigningAlgorithm = config.SpMinIncomingSigningAlgorithm;
+ }
 if (!string.IsNullOrWhiteSpace(config.SpOutboundSigningAlgorithm))
 {
 spOptions.OutboundSigningAlgorithm = config.SpOutboundSigningAlgorithm;
diff --git a/src/Core/Models/Data/SsoConfigurationData.cs b/src/Core/Models/Data/SsoConfigurationData.cs
index 3f85b2da99..11e7767f55 100644
--- a/src/Core/Models/Data/SsoConfigurationData.cs
+++ b/src/Core/Models/Data/SsoConfigurationData.cs
@@ -39,6 +39,7 @@ namespace Bit.Core.Models.Data
 public Saml2SigningBehavior SpSigningBehavior { get; set; } = Saml2SigningBehavior.IfIdpWantAuthnRequestsSigned;
 public bool SpWantAssertionsSigned { get; set; }
 public bool SpValidateCertificates { get; set; }
+ public string SpMinIncomingSigningAlgorithm { get; set; } = SamlSigningAlgorithms.Sha256;
 public string BuildCallbackPath(string ssoUri = null)
 {
diff --git a/src/Core/Resources/SharedResources.en.resx b/src/Core/Resources/SharedResources.en.resx
index ce4f4fee77..09ffdad414 100644
--- a/src/Core/Resources/SharedResources.en.resx
+++ b/src/Core/Resources/SharedResources.en.resx
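Review bot: The new `SpMinIncomingSigningAlgorithm` property in SsoConfigurationData.cs has no comment saying what the value controls or what format it takes, although it is a security setting with a non-obvious default. A short XML doc comment would cover it, for example `/// <summary>Weakest signature algorithm accepted on incoming SAML messages; defaults to SHA-256.</summary>`. The comment should also state that the initializer only takes effect when the stored configuration omits the property. If the data is deserialized from JSON, an explicit null would presumably override the initializer, and that is the case the `IsNullOrWhiteSpace` guard in DynamicAuthenticationSchemeProvider.cs then skips.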
@@ -331,6 +331,9 @@ Signing Behavior + + Minimum Incoming Signing Algorithm + Binding Type