Layer7 API Management

  • 1.  SAML token signing using SHA 256

    Posted Feb 21, 2018 08:07 AM

    Hi all


    We're trying to sign a SAML token using the SHA-256 algorithm. We're using the "Create SAML Token" assertion to generate the SAML token. On step 10 we enable the checkbox "Sign Assertion with an Enveloped Signature" (see screenshot below). On the assertion we selected a private key which was generated using the SHA-256 algorithm (see second screenshot below).


    However, when looking at the generated SAML assertion XML, the signature algorithm used is SHA-1 (see last screenshot below). We see the same behaviour when signing using the "Build SAML Protocol Response" assertion.


    Does anyone know how this should be configured to make sure the SHA-256 algorithm is used when signing?


    Tested this on API Gateway version 9.1.01. 
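
Added example, not part of the original post and not Layer7 code: a small Python check that reads a signed SAML assertion and reports which signature and digest algorithms its `ds:Signature` actually uses, flagging SHA-1 or MD5. The sample assertion, its ID, issuer and signature values are constructed placeholders.

```python
import xml.etree.ElementTree as ET  # for untrusted XML, parse with defusedxml instead

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Suffixes covering rsa-sha1, dsa-sha1, ecdsa-sha1, hmac-sha1, sha1, rsa-md5 and md5 URIs.
WEAK_SUFFIXES = ("sha1", "md5")

def signature_algorithms(xml_text):
    """Return one dict per ds:Signature with its signature and digest algorithm URIs."""
    found = []
    for sig in ET.fromstring(xml_text).iter(DS + "Signature"):
        method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
        digests = sig.findall(f"{DS}SignedInfo/{DS}Reference/{DS}DigestMethod")
        found.append({
            "signature": method.get("Algorithm") if method is not None else None,
            "digests": [d.get("Algorithm") for d in digests],
        })
    return found

def weak_algorithms(xml_text):
    """List every SHA-1 or MD5 based algorithm URI used by the signatures."""
    return [uri
            for sig in signature_algorithms(xml_text)
            for uri in [sig["signature"], *sig["digests"]]
            if uri and uri.lower().endswith(WEAK_SUFFIXES)]

# Constructed sample: an enveloped signature that uses SHA-1 for both signature and digest.
SAMPLE_SHA1 = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed" Version="2.0" IssueInstant="2018-02-21T08:07:00Z">
  <saml2:Issuer>constructed-issuer</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_constructed">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
</saml2:Assertion>"""

# Same constructed document with the SHA-256 signature and digest URIs swapped in.
SAMPLE_SHA256 = (SAMPLE_SHA1
    .replace("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    .replace("http://www.w3.org/2000/09/xmldsig#sha1",
             "http://www.w3.org/2001/04/xmlenc#sha256"))
```

Running `weak_algorithms()` over a token captured from the gateway after a configuration change shows whether both the `SignatureMethod` and every `DigestMethod` moved off SHA-1.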



  • 2.  Re: SAML token signing using SHA 256

    Posted May 15, 2018 02:15 PM

    I found an article over at CoreBlox that shows a pretty good example of how to build a SAML response from an assertion and sign it. See here: Integrating CA API Gateway with Office 365 — CoreBlox

  • 3.  Re: SAML token signing using SHA 256

    Posted May 21, 2018 12:32 PM

    Hi samuel.vandecasteele,


    I came across this problem as well and have created a KB for it. Please try it out at the link below:


    SAML Token Secure Hash - CA Knowledge 




    Kind Regards,