FIM - Can FIM create SAML assertions signed with SHA256 instead of SHA1?
Originally Published: 2014-01-24
Issue
Can FIM be forced to create SAML assertions signed with SHA256 instead of SHA1? The SAML specs only mention SHA1.
Resolution
FIM doesn't have the capability to select higher-strength algorithms.
It supports only the following algorithms, depending on the key algorithm of the keystore available for signing.
DSA: http://www.w3.org/2000/09/xmldsig#dsa-sha1
RSA: http://www.w3.org/2000/09/xmldsig#rsa-sha1
The SAML spec:
5.4.1 Signing Formats and Algorithms
SAML processors SHOULD support the use of RSA signing and verification for public key
operations in accordance with the algorithm identified by http://www.w3.org/2000/09/xmldsig#rsa-sha1.
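To confirm which algorithms a given assertion actually declares, the following Python code (an added example, not part of the original article or of FIM) reads the SignatureMethod and DigestMethod identifiers from a SAML message and flags the SHA-1 ones. The sample message, its ID, and the function names are constructed for illustration; the SHA-1 digest URI and the SHA-256 URIs come from the XML Signature specifications, not from this article.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
# SHA-1 identifiers: the two signature methods named in the article plus the
# XML-DSig SHA-1 digest URI (the digest URI is not quoted in the article).
SHA1_ALGORITHMS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "sha1"}


def signature_algorithms(xml_text):
    """Return one finding per ds:Signature: signed element and declared algorithms.

    Only the declared Algorithm attributes are read; the signature itself
    is not validated.
    """
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for sig in root.iter("{%s}Signature" % DS):
        method = sig.find("{%s}SignedInfo/{%s}SignatureMethod" % (DS, DS))
        sig_alg = method.get("Algorithm") if method is not None else None
        digests = [d.get("Algorithm") for d in sig.iter("{%s}DigestMethod" % DS)]
        owner = parent_of.get(sig)
        findings.append({
            "signed_element": owner.tag.split("}")[-1] if owner is not None else None,
            "signature_method": sig_alg,
            "digest_methods": digests,
            "uses_sha1": any(a in SHA1_ALGORITHMS for a in [sig_alg] + digests),
        })
    return findings


def sample_response(sig_alg, digest_alg):
    """Build a constructed SAML response; ID and SignatureValue are placeholders."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="{DS}">
 <saml:Assertion ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="{sig_alg}"/>
   <ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_alg}"/></ds:Reference>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
 </saml:Assertion>
</samlp:Response>"""


if __name__ == "__main__":
    sha1_msg = sample_response(DS + "rsa-sha1", DS + "sha1")
    sha256_msg = sample_response("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                                 "http://www.w3.org/2001/04/xmlenc#sha256")
    for name, msg in (("sha1", sha1_msg), ("sha256", sha256_msg)):
        for finding in signature_algorithms(msg):
            print(name, finding)
```

A message can declare a SHA-256 signature method while still using a SHA-1 digest in its Reference, which is why both attributes are checked.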