[IdP] How to set the SHA256 to be used in IDP
Question
Forge component by Rui Barbosa

Please advise how to change the signature method to be SHA256.

In the LogoutRequest SAML xml, I find its signature method being SHA1 but my client's is using SHA256.



Though this post is from quite some time back, we are today running into the same issue: SP is signatureMethod SHA1, while Client Idp is signatureMethod SHA256 (since it is the year 2022)

Is there any update on this?


Hi @Taco van der Heijden ,

Thank you for reporting this. This is indeed a missing feature/misbehavior.

When using the option to perform the Logout request using POST, the algorithm used is SHA-1 when it should have been SHA-256.


I plan on launching a new version that allows you to specify the algorithm used.

In the meantime, you can change the "Single Logout Bind" to HTTP-Redirect which should be using the more modern SHA-256 signature method instead.

Regards,

Hi João,

Thanks for your response. I've found this post from some time ago, since we are facing the same issue now with the integrated settings in the OutSystems Platform. We've configured the SP in the Users module of the platform, but there is no option to set the SHA signatureMethod; it apparently is always SHA1. Our IdP expects SHA256 and only that. We've already logged a ticket with support, Case [#2595576]. Hopefully this will get solved, otherwise we might consider using this IDP component if it fixes our issue. We have not yet tried it, since the feature has been integrated in the platform for some time.


KR

Taco
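
An added example (not part of the original thread and not the Forge component's code): a Python check that reports which signature algorithm a captured SAML message declares. With the HTTP-POST binding the algorithm sits inside the base64-encoded XML; with HTTP-Redirect it is the `SigAlg` query parameter. The sample message, URL and host name are constructed.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
WEAK_SUFFIXES = ("sha1", "md5")  # matches rsa-sha1, dsa-sha1, hmac-sha1, sha1, rsa-md5

# Constructed sample: a LogoutRequest signed the way the thread describes (SHA-1).
SAMPLE_XML = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_constructed">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:LogoutRequest>"""
SAMPLE_POST = base64.b64encode(SAMPLE_XML.encode()).decode()
SAMPLE_REDIRECT = ("https://idp.example/slo?SAMLRequest=constructed&SigAlg="
                   + urllib.parse.quote("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", safe="")
                   + "&Signature=constructed")

def algorithms_from_post(saml_b64):
    """HTTP-POST binding: read SignatureMethod/DigestMethod from the decoded XML."""
    # For messages from untrusted sources, parse with a hardened XML parser instead.
    root = ET.fromstring(base64.b64decode(saml_b64))
    found = []
    for tag in ("SignatureMethod", "DigestMethod"):
        for el in root.iter(DS + tag):
            found.append((tag, el.get("Algorithm", "")))
    return found  # empty list means the message carries no XML signature

def algorithms_from_redirect(url):
    """HTTP-Redirect binding: the algorithm URI is the SigAlg query parameter."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return [("SigAlg", uri) for uri in query.get("SigAlg", [])]

def weak_algorithms(found):
    """Keep only entries whose algorithm URI fragment ends in a weak hash name."""
    return [(where, uri) for where, uri in found
            if uri.rsplit("#", 1)[-1].lower().endswith(WEAK_SUFFIXES)]

if __name__ == "__main__":
    print("POST:", weak_algorithms(algorithms_from_post(SAMPLE_POST)))
    print("Redirect:", weak_algorithms(algorithms_from_redirect(SAMPLE_REDIRECT)))
```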
