PingFederate 8 and the JCE

TL;DR It’s a good idea to install JCE.

Installing the Java Cryptography Extension JCE is highly recommended if your countries laws permit it’s importation and use, for two reasons: adherence with standards & interoperability. There’s some pretty cool stuff being developed by those who don’t care too much for interoperability, but for those of us in the Enterprise Identity Management space, it’s essential.

Java 8 gives you basic crypto, but includes limits on Maximum Keysizes. The following table provides a quick summary.

Algorithm Maximum Keysize
DES 64
DESede (AKA TripleDES) *
RC2 128
RC4 128
RC5 128
RSA *
All others (inc. AES) 128

What does this mean for us?

TLS

Fewer Crypto options. I don’t see this is a huge issue. When we deploy a PingFederate cluster, it’s typically behind a TLS Terminating Load Balancer anyway, which means that our TLS Sessions only exist in the data centre and we’re generally pretty happy with AES128 for TLS.

SAML/WS-*

No TripleDES or AES256 XML block encryption option

  • Not compliant with the W3C XML Encryption Recommendation (yes, only a recommendation) which is used by SAML & WS-* Protocols. This states that AES256 & TripleDES are ‘required’.
  • Assertions in the responses are in the clear on the above mentioned Load Balancer (and many other similar scenarios) without this. This may be an issue if the assertions contain sensitive information.
  • We can’t be an Relying Party (RP) to an ADFS 2.x (and newer) Identity Provider (IP) without disabling the encryption of claims. set-ADFSRelyingPartyTrust –TargetName "Ping RP" –EncryptClaims $False. It does not appear to be possible to downgrade ADFS to use AES128.

OpenID Connect

The upcoming Javascript Object Signing and Encryption (JOSE) standard include a specification on JWE key management and JWE content encryption. The table below shows the encryption and key management options with and without the JCE installed. Many of the additional options enabled by installing the JCE are either optional or recommended in the listed specifications.

Config JWE content encryption algorithms JWE key management algorithms
Without JCE A128CBC-HS256, A128GCM RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, A128KW, ECDH-ES, ECDH-ES+A128KW, PBES2-HS256+A128KW, A128GCMKW
With JCE A128CBC-HS256, A192CBC-HS384, A256CBC-HS512, A128GCM, A192GCM, A256GCM RSA1_5, RSA-OAEP, RSA-OAEP-256, dir, A128KW, A192KW, A256KW, ECDH-ES, ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW, PBES2-HS256+A128KW, PBES2-HS384+A192KW, PBES2-HS512+A256KW, A128GCMKW, A192GCMKW, A256GCMKW

Installation

  1. Ensure your JAVA_HOME is directed at your JRE, not the JDK.
  2. Download the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8
  3. Extract the files to JAVA_HOME\lib\security
  4. If you’re on a Windows OS, right click each policy file individually and unblock.
  5. Edit the following file and enable the ciphers you wish to use. <installDir>\pingfederate\server\default\data\config-store\com.pingidentity.crypto.SunJCEManager.xml
    Note: If you want to be super cautious, disable TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 and TLS_DHE_RSA_WITH_AES_256_CBC_SHA as these are potentially susceptible to Logjam vulnerability. The Logjam test site reports that an uncommon 1024 bit group is used so it should be ok, but why risk it!?
  6. Restart the service

If everything went successfully you should see messages in server.log resembling:

org.jose4j.jwe.AesKeyWrapManagementAlgorithm$Aes256@7244d076 registered for alg algorithm A256KW

instead of:

A256KW is unavailable so will not be registered for alg algorithms.

If you happen to notice the messages in the logs at startup stating that PS256, PS384 & PS512 are unavailable, it’s safe to ignore these. They are unavoidable at the time of writing, as they require bouncy castle which is not supported by PingFederate.

Full log samples here:

PingFederate Logs without JCE

PingFederate Logs with JCE