Remove limitation for SAML encryption in FIPS mode (#48948) (#49019)

Our documentation regarding FIPS 140 claimed that when using SAML
in a JVM that is configured in FIPS approved only mode, one could
not use encrypted assertions. This stemmed from a wrong
understanding regarding the compliance of RSA-OAEP which is used
as the key wrapping algorithm for encrypting the key with which the
SAML Assertion is encrypted.

However, as stated for instance in
https://downloads.bouncycastle.org/fips-java/BC-FJA-SecurityPolicy-1.0.0.pdf
RSA-OAEP is approved for key transport, so this limitation is not
effective.

This change removes the limitation from our FIPS 140-related
documentation.
Ioannis Kakavas 2019-11-13 12:10:01 +02:00 committed by GitHub
parent 37fa3fb4ff
commit e0331e2a0f
GPG Key ID: 4AEE18F83AFDEB23
@ -121,5 +121,3 @@ features are not available while running in fips mode. The list is as follows:
can be later used in the FIPS 140-2 enabled JVM.
* The SQL CLI client cannot run in a FIPS 140-2 enabled JVM while using
TLS for transport security or PKI for client authentication.
* The SAML Realm cannot decrypt and consume encrypted Assertions or encrypted
attributes in Attribute Statements from the SAML IdP.
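Review bot: with the SAML bullet (encrypted Assertions and encrypted attributes in Attribute Statements) dropped from the list, nothing in the remaining documentation tells a reader that these are now expected to work in a FIPS 140-2 enabled JVM, so the correction is only discoverable through the commit message. Consider pairing this removal with a short positive statement in the SAML realm docs or a release-notes entry, stating that encrypted assertions are supported in FIPS mode because RSA-OAEP is approved for key transport, and citing the BC-FJA security policy linked in the commit message as the reference.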