000016861 - FIM - Can FIM create SAML assertions signed with SHA256 instead of SHA1?

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000016861
Applies To: RSA Federated Identity Manager (FIM) versions 4.1, 4.2
Issue: FIM - Can FIM create SAML assertions signed with SHA256 instead of SHA1?
Can FIM be forced to create SAML assertions signed with SHA256 instead of SHA1? The SAML specs only mention SHA1.
Resolution

FIM does not have the capability to select higher-strength signing algorithms.

It supports only the following algorithms, depending on the key algorithm of the keystore certificate available for signing:

DSA: "http://www.w3.org/2000/09/xmldsig#dsa-sha1"

RSA: "http://www.w3.org/2000/09/xmldsig#rsa-sha1"

The SAML spec:
5.4.1 Signing Formats and Algorithms
SAML processors SHOULD support the use of RSA signing and verification for public key
operations in accordance with the algorithm identified by http://www.w3.org/2000/09/xmldsig#rsa-sha1.
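As an added check that is not part of this article or of FIM itself: the following Python script parses a constructed, minimal SAML assertion skeleton and reports which XML-DSig algorithm identifiers its signature uses, so a service-provider administrator can confirm whether assertions received from FIM are signed with the SHA-1 identifiers listed above. The assertion content, issuer URL and placeholder values are constructed for the example.

```python
"""Inspect the XML-DSig algorithm identifiers used to sign a SAML assertion."""
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# The only two signature methods the article says FIM 4.1/4.2 can emit.
SHA1_SIGNATURE_METHODS = {DS_NS + "rsa-sha1", DS_NS + "dsa-sha1"}
SHA1_DIGEST_METHOD = DS_NS + "sha1"

# Constructed assertion skeleton (digest/signature values are placeholders,
# not a real FIM output); it uses the rsa-sha1 identifier from the article.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML_NS}" ID="_example" Version="2.0">
  <saml:Issuer>https://idp.example.test/fim</saml:Issuer>
  <ds:Signature xmlns:ds="{DS_NS}">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{DS_NS}rsa-sha1"/>
      <ds:Reference URI="#_example">
        <ds:DigestMethod Algorithm="{DS_NS}sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
</saml:Assertion>"""


def signature_algorithms(xml_text):
    """Return (SignatureMethod URI, [DigestMethod URIs]) found in the assertion."""
    root = ET.fromstring(xml_text)
    sig_method = root.find(f".//{{{DS_NS}}}SignatureMethod")
    digests = root.findall(f".//{{{DS_NS}}}DigestMethod")
    return (
        sig_method.get("Algorithm") if sig_method is not None else None,
        [d.get("Algorithm") for d in digests],
    )


def uses_sha1(xml_text):
    """True if the signature method or any reference digest is SHA-1 based."""
    sig, digests = signature_algorithms(xml_text)
    return sig in SHA1_SIGNATURE_METHODS or SHA1_DIGEST_METHOD in digests


if __name__ == "__main__":
    sig, digests = signature_algorithms(SAMPLE_ASSERTION)
    print("SignatureMethod:", sig)
    print("DigestMethods:", digests)
    print("SHA-1 in use:", uses_sha1(SAMPLE_ASSERTION))
```

Run it against a real assertion captured at the service provider (for example, the base64-decoded SAMLResponse) to see which identifiers the issuing FIM instance actually used.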

Legacy Article ID: a63840
