Commit dfabc2d

Remove limitation for SAML encryption in FIPS mode (#48948) (#49022)
Our documentation regarding FIPS 140 claimed that when using SAML in a JVM that is configured in FIPS approved only mode, one could not use encrypted assertions. This stemmed from a wrong understanding regarding the compliance of RSA-OAEP which is used as the key wrapping algorithm for encrypting the key with which the SAML Assertion is encrypted. However, as stated for instance in https://downloads.bouncycastle.org/fips-java/BC-FJA-SecurityPolicy-1.0.0.pdf RSA-OAEP is approved for key transport, so this limitation is not effective. This change removes the limitation from our FIPS 140 related documentation.
1 parent a0a484a commit dfabc2d

1 file changed

+0
-2
lines changed

x-pack/docs/en/security/fips-140-compliance.asciidoc

Lines changed: 0 additions & 2 deletions
@@ -124,5 +124,3 @@ features are not available while running in fips mode. The list is as follows:
124124
available.
125125
* The SQL CLI client cannot run in a FIPS 140-2 enabled JVM while using
126126
TLS for transport security or PKI for client authentication.
127-
* The SAML Realm cannot decrypt and consume encrypted Assertions or encrypted
128-
attributes in Attribute Statements from the SAML IdP.
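
Review bot: Removing the bullet at old lines 127-128 outright leaves the page silent on the condition the commit message relies on, namely that the key protecting the encrypted Assertion is wrapped with RSA-OAEP. Consider replacing the deleted limitation with a short positive statement that the SAML realm can consume encrypted Assertions and encrypted attributes in FIPS mode when RSA-OAEP is the key wrapping algorithm, so that an operator whose IdP is configured differently knows what to check. The deleted text covered both encrypted Assertions and encrypted attributes in Attribute Statements, while the commit message argues only for the Assertion key, so it is worth confirming that the same reasoning applies to encrypted attributes before dropping both.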
