TL;DR It’s a good idea to install JCE.
Installing the Java Cryptography Extension (JCE) is highly recommended if your country’s laws permit its importation and use, for two reasons: adherence to standards and interoperability. There’s some pretty cool stuff being developed by those who don’t care too much for interoperability, but for those of us in the Enterprise Identity Management space, it’s essential.
Java 8 gives you basic crypto, but limits the maximum key sizes. The following table provides a quick summary.
|Algorithm||Maximum key size (bits)|
|DESede (AKA TripleDES)||*|
|All others (inc. AES)||128|
What does this mean for us?
Fewer crypto options. I don’t see this as a huge issue. When we deploy a PingFederate cluster, it’s typically behind a TLS-terminating load balancer anyway, which means that our TLS sessions only exist in the data centre and we’re generally pretty happy with AES128 for TLS.
No TripleDES or AES256 XML block encryption option
- Not compliant with the W3C XML Encryption Recommendation (yes, only a recommendation) which is used by SAML & WS-* Protocols. This states that AES256 & TripleDES are ‘required’.
- Without this, assertions in the responses are in the clear on the above-mentioned load balancer (and in many other similar scenarios). This may be an issue if the assertions contain sensitive information.
- We can’t be a Relying Party (RP) to an ADFS 2.x (or newer) Identity Provider (IP) without disabling the encryption of claims:
  Set-ADFSRelyingPartyTrust -TargetName "Ping RP" -EncryptClaims $False
  It does not appear to be possible to downgrade ADFS to use AES128.
|Config||JWE content encryption algorithms||JWE key management algorithms|
|Without JCE||A128CBC-HS256, A128GCM||RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, A128KW, ECDH-ES, ECDH-ES+A128KW, PBES2-HS256+A128KW, A128GCMKW|
|With JCE||A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM||RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, A128KW, A192KW, A256KW, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, A128GCMKW, A192GCMKW, A256GCMKW|
- Ensure your JAVA_HOME is directed at your JRE, not the JDK.
- Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8
- Extract the files to JAVA_HOME\lib\security
- If you’re on a Windows OS, right click each policy file individually and unblock.
- Edit the following file and enable the ciphers you wish to use.
Note: If you want to be super cautious, disable TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 and TLS_DHE_RSA_WITH_AES_256_CBC_SHA, as these are potentially susceptible to the Logjam vulnerability. The Logjam test site reports that an uncommon 1024-bit group is used, so it should be OK, but why risk it!?
- Restart the service
If everything went successfully, you should see messages in server.log resembling:
org.jose4j.jwe.AesKeyWrapManagementAlgorithm$Aes256@7244d076 registered for alg algorithm A256KW
If the policy files were not picked up, the same algorithm is instead reported as unavailable:
A256KW is unavailable so will not be registered for alg algorithms.
If you happen to notice messages in the logs at startup stating that PS256, PS384 & PS512 are unavailable, it’s safe to ignore these. They are unavoidable at the time of writing, as they require Bouncy Castle, which is not supported by PingFederate.
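Independently of the log messages, the JRE itself can be asked whether the unlimited policy is in effect. The following is an added example, not code from the original post or from PingFederate; the class name JcePolicyCheck is hypothetical, and it assumes you compile and run it with the same JRE that JAVA_HOME points at.

```java
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JcePolicyCheck {
    // AES key sizes (bits) behind the JWE algorithms in the table above;
    // 192 and 256 are the ones listed only in the "With JCE" row.
    private static final int[] AES_SIZES = {128, 192, 256};

    /** True if the JVM's policy allows AES-GCM to be initialised with a key of this size. */
    static boolean aesGcmUsable(int bits) throws Exception {
        byte[] key = new byte[bits / 8];
        byte[] iv = new byte[12];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(key);   // throwaway key, used only for this check
        rng.nextBytes(iv);
        try {
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"),
                   new GCMParameterSpec(128, iv));
            c.doFinal("policy check".getBytes(StandardCharsets.UTF_8));
            return true;
        } catch (InvalidKeyException e) {
            // Under the limited policy, oversized keys are rejected ("Illegal key size").
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Confirms which JRE is actually being tested.
        System.out.println("java.home = " + System.getProperty("java.home"));
        for (String alg : new String[] {"AES", "DESede"}) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            System.out.println(alg + " max key length: "
                + (max == Integer.MAX_VALUE ? "unlimited" : max + " bits"));
        }
        boolean ok = true;
        for (int bits : AES_SIZES) {
            boolean usable = aesGcmUsable(bits);
            System.out.println("AES-" + bits + " (A" + bits + "GCM, A" + bits + "KW): "
                + (usable ? "usable" : "blocked by policy"));
            ok &= usable;
        }
        // Non-zero exit lets a deployment script fail if the policy files were not picked up.
        System.exit(ok ? 0 : 1);
    }
}
```

With the default Java 8 policy described above, the AES line reports 128 bits and the 192 and 256 checks are blocked; after a correct JCE install all three are usable.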