FIM - Can FIM create SAML assertions signed with SHA256 instead of SHA1?
Originally Published: 2014-01-24
Issue
Can FIM be forced to create SAML assertions signed with SHA256 instead of SHA1? The SAML specs only mention SHA1.
Resolution
FIM doesn't have the capability to select higher-strength algorithms.
It supports only the following algorithms, depending on the key algorithm of the keystore available for signing:
DSA: "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
RSA: "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
The SAML spec:
5.4.1 Signing Formats and Algorithms
SAML processors SHOULD support the use of RSA signing and verification for public key
operations in accordance with the algorithm identified by http://www.w3.org/2000/09/xmldsig#rsa-sha1.
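To confirm which of these algorithms an assertion was actually signed with, a relying party or auditor can read the declared URIs from its ds:SignedInfo element. The following is an added example, not FIM or RSA code; the sample assertion, issuer URL, function names and the SHA-1 digest URI are assumptions of the example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# Signature algorithms the article lists for FIM, keyed to the keystore key type.
FIM_SHA1_SIGNATURES = {DS + "dsa-sha1": "DSA", DS + "rsa-sha1": "RSA"}
SHA1_DIGEST = DS + "sha1"  # XML-DSig SHA-1 digest URI (not quoted in the article)


def sample_assertion(sig_alg, digest_alg):
    """Constructed, minimal SAML 2.0 assertion; signature values are placeholders."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:ds="{DS}" ID="_constructed1" Version="2.0">
      <saml:Issuer>https://idp.example.test</saml:Issuer>
      <ds:Signature><ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="{sig_alg}"/>
        <ds:Reference URI="#_constructed1">
          <ds:DigestMethod Algorithm="{digest_alg}"/>
          <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    </saml:Assertion>"""


def audit_signature_algorithms(xml_text):
    """Return one finding per ds:SignedInfo; an empty list means the XML is unsigned.

    This only reads the declared algorithm URIs; it does not verify the signature.
    """
    # For XML from untrusted sources, parse with a hardened parser instead.
    root = ET.fromstring(xml_text)
    findings = []
    for signed_info in root.iter(f"{{{DS}}}SignedInfo"):
        method = signed_info.find(f"{{{DS}}}SignatureMethod")
        sig_alg = method.get("Algorithm") if method is not None else None
        digests = [d.get("Algorithm") for d in signed_info.iter(f"{{{DS}}}DigestMethod")]
        findings.append({
            "signature_alg": sig_alg,
            "key_type": FIM_SHA1_SIGNATURES.get(sig_alg),  # None if not a FIM SHA-1 URI
            "sha1_signature": sig_alg in FIM_SHA1_SIGNATURES,
            "sha1_digest": SHA1_DIGEST in digests,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_signature_algorithms(sample_assertion(DS + "rsa-sha1", SHA1_DIGEST)):
        print(finding)
```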