FIM - Can FIM create SAML assertions signed with SHA256 instead of SHA1?
Originally Published: 2014-01-24
Issue
Can FIM be forced to create SAML assertions signed with SHA256 instead of SHA1? The SAML specs only mention SHA1.
Resolution
FIM doesn't have the capability to select higher-strength algorithms.
It supports only the following algorithms, depending on the key algorithm of the keystore available for signing.
DSA: "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
RSA: "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
The SAML spec:
5.4.1 Signing Formats and Algorithms
SAML processors SHOULD support the use of RSA signing and verification for public key
operations in accordance with the algorithm identified by http://www.w3.org/2000/09/xmldsig#rsa-sha1.
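To confirm which algorithms a given assertion actually carries, the check below reads the `ds:SignatureMethod` and `ds:DigestMethod` identifiers and reports any SHA-1 based ones. It is an added example, not RSA or FIM code; the sample assertion, the function names and the SHA-1 digest URI in the sample are assumptions made for illustration, and the script inspects algorithm identifiers only without verifying the signature.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# The two SignatureMethod URIs the article lists for FIM.
SHA1_SIGNATURE_URIS = {DS + "rsa-sha1", DS + "dsa-sha1"}
# XML-DSig SHA-1 digest URI; its presence in the sample is an assumption.
SHA1_DIGEST_URI = DS + "sha1"

# Constructed sample: a trimmed assertion, not real FIM output.
SAMPLE = """
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_constructed1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </ds:Reference>
    </ds:SignedInfo>
  </ds:Signature>
</saml:Assertion>
"""

def signature_algorithms(xml_text):
    """Return [(signature_method_uri, [digest_method_uris])], one per ds:SignedInfo."""
    # ElementTree is fine for this constructed input; use a hardened parser
    # for assertions received from an untrusted party.
    root = ET.fromstring(xml_text)
    found = []
    for signed_info in root.iter("{%s}SignedInfo" % DS):
        method = signed_info.find("{%s}SignatureMethod" % DS)
        digests = [d.get("Algorithm")
                   for d in signed_info.iter("{%s}DigestMethod" % DS)]
        found.append((method.get("Algorithm") if method is not None else None,
                      digests))
    return found

def sha1_findings(xml_text):
    """List every SHA-1 based algorithm reference in the signed assertion."""
    findings = []
    for sig_alg, digests in signature_algorithms(xml_text):
        if sig_alg in SHA1_SIGNATURE_URIS:
            findings.append(("SignatureMethod", sig_alg))
        findings.extend(("DigestMethod", d) for d in digests
                        if d == SHA1_DIGEST_URI)
    return findings

if __name__ == "__main__":
    for element, uri in sha1_findings(SAMPLE):
        print(f"SHA-1 in use: {element} -> {uri}")
```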