FIM - Can FIM create SAML assertions signed with SHA256 instead of SHA1?
Originally Published: 2014-01-24
Article Number
Applies To
Issue
Can FIM be forced to create SAML assertions signed with SHA256 instead of SHA1? The SAML specs only mention SHA1 .
Resolution
FIM doesn??t have capability to select higher strength algorithms??
It supports only following algorithms depending upon the key algorithm of keystore available for signing.
DSA: ??http://www.w3.org/2000/09/xmldsig#dsa-sha1??
RSA: ??http://www.w3.org/2000/09/xmldsig#rsa-sha1??
The SAML spec :
5.4.1 Signing Formats and Algorithms
SAML processors SHOULD support the use of RSA signing and verification for public key
operations in accordance with the algorithm identified by http://www.w3.org/2000/09/xmldsig#rsa-sha1.
Related Articles
How to create a CA hierarchy where one subordinate CA uses SHA1 and another subordinate CA uses SHA2 while both sub CA's … Number of Views How to modify the WildFly application server default maximum parameter setting of 1000 in RSA Governance & Lifecycle Number of Views RSA Prime AMIS Developer's Guide Number of Views RSA-2026-07: RSA Identity Router Security Update for Third-Party Component Vulnerabilities Number of Views RSA Authentication Manager 8.x - Weak Ciphers Vulnerabilities found with Qualys Scan - Updated Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
