fixed #504

daisukenishino2 · daisukenishino2 · commit c905153ab909 · 2026-03-10T20:35:19.000+09:00
diff --git a/root/programs/CS/Frameworks/Infrastructure/Framework/Authentication/SAML2Client.cs b/root/programs/CS/Frameworks/Infrastructure/Framework/Authentication/SAML2Client.cs
@@ -53,18 +53,22 @@ public class SAML2Client
         /// <param name="assertionConsumerService">string</param>
         /// <param name="relayState">string</param>
         /// <param name="id">out string</param>
+        /// <param name="hashAlgorithmName">HashAlgorithmName</param>
         /// <returns>queryString</returns>
         public static string CreateRedirectRequest(
             SAML2Enum.RequestOrResponse createRoR,
             SAML2Enum.ProtocolBinding protocolBinding,
             SAML2Enum.NameIDFormat nameIDFormat,
-            string iss, string assertionConsumerService, string relayState, out string id)
-        {   
+            string iss, string assertionConsumerService, string relayState, out string id,
+            HashAlgorithmName? hashAlgorithmName = null) // 既定値の変更 SHA1 → SHA256
+        {
             // DigitalSignX509
-            DigitalSignX509 dsX509 = new DigitalSignX509(CmnClientParams.RsaPfxFilePath, CmnClientParams.RsaPfxPassword, HashAlgorithmName.SHA1);
+            HashAlgorithmName han = hashAlgorithmName ?? HashAlgorithmName.SHA256;
+            DigitalSignX509 dsX509 = new DigitalSignX509(
+                CmnClientParams.RsaPfxFilePath, CmnClientParams.RsaPfxPassword, han);
 
             // SamlRequestの生成
-            
+
             string samlRequest = SAML2Bindings.CreateRequest(
                 iss, protocolBinding, nameIDFormat,
                 assertionConsumerService, out id).OuterXml;
@@ -119,6 +123,7 @@ public static string CreatePostRequest(
         /// <param name="nameIDFormat">SAML2Enum.NameIDFormat</param>
         /// <param name="authnContextClassRef">SAML2Enum.AuthnContextClassRef</param>
         /// <param name="samlResponse2">XmlDocument</param>
+        /// <param name="hashAlgorithmName">HashAlgorithmName</param>
         /// <returns>bool</returns>
         public static bool VerifyResponse(
             string queryString, string samlResponse,
@@ -127,7 +132,8 @@ public static bool VerifyResponse(
             out SAML2Enum.StatusCode? statusCode,
             out SAML2Enum.NameIDFormat? nameIDFormat, 
             out SAML2Enum.AuthnContextClassRef? authnContextClassRef,
-            out XmlDocument samlResponse2)
+            out XmlDocument samlResponse2,
+            HashAlgorithmName? hashAlgorithmName = null) // 既定値の変更 SHA1 → SHA256
         {
             bool verified = false;
 
@@ -177,7 +183,8 @@ public static bool VerifyResponse(
 
 #region 検証
             // Metadata利用を検討
-            DigitalSignX509 dsX509 = new DigitalSignX509(CmnClientParams.RsaCerFilePath, "", HashAlgorithmName.SHA1);
+            HashAlgorithmName han = hashAlgorithmName ?? HashAlgorithmName.SHA256;
+            DigitalSignX509 dsX509 = new DigitalSignX509(CmnClientParams.RsaCerFilePath, "", han);
 
             if (!string.IsNullOrEmpty(queryString))
             {
