Layer 7 API Management


SAML token signing using SHA 256

  • 1.  SAML token signing using SHA 256

    Posted 02-21-2018 08:07 AM

    Hi all

     

    We're trying to sign a SAML token using the SHA 256 algorithm. We're using the "Create SAML Token" assertion to generate the SAML token. On step 10 we enable the checkbox "Sign Assertion with an Enveloped Signature" (see screenshot below). On the assertion we selected a private key which was generated using the SHA-256 algorithm (see second screenshot below).

     

    However, when looking at the generated SAML assertion XML, the used signature algorithm is SHA-1 (see last screenshot below). We see the same behaviour when signing using the "Build SAML Protocol Response" assertion.

     

    Does anyone know how this should be configured to make sure the SHA_256 algorithm is used when signing?

     

    Tested this on API Gateway version 9.1.01. 


    Thanks
    Samuel

     



  • 2.  Re: SAML token signing using SHA 256

    Posted 05-15-2018 02:15 PM

    I found an article over at CoreBlox that shows a pretty good example of how to build a SAML response from assertion and sign it. See here: Integrating CA API Gateway with Office 365 — CoreBlox



  • 3.  Re: SAML token signing using SHA 256

    Posted 05-21-2018 12:32 PM

    Hi samuel.vandecasteele,

     

    I came across this problem as well and have created a KB for it. Please try it out at the link below:

     

    SAML Token Secure Hash - CA Knowledge 

     

     

     

    Kind Regards,

    Anwar
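
To confirm which algorithms a generated assertion actually declares, for instance before and after a configuration change, the following script lists every SHA-1 based SignatureMethod and DigestMethod under ds:Signature. It is an added example, not part of the thread or of CA's documentation; the function name and the trimmed sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

XMLDSIG = "http://www.w3.org/2000/09/xmldsig#"
DS = "{" + XMLDSIG + "}"

def sha1_findings(saml_xml):
    """Return (element name, algorithm URI) pairs for every SHA-1 based
    SignatureMethod or DigestMethod found inside a ds:Signature."""
    # SAML messages never need a DTD; refusing one avoids entity-expansion
    # problems when the input is not trusted.
    if "<!DOCTYPE" in saml_xml:
        raise ValueError("DOCTYPE not allowed in SAML input")
    signatures = list(ET.fromstring(saml_xml).iter(DS + "Signature"))
    if not signatures:
        raise ValueError("no ds:Signature element found")
    findings = []
    for sig in signatures:
        for name in ("SignatureMethod", "DigestMethod"):
            for el in sig.iter(DS + name):
                uri = el.get("Algorithm", "")
                # rsa-sha1, dsa-sha1, ecdsa-sha1 and the bare sha1 digest
                # URI all end in "sha1".
                if uri.lower().endswith("sha1"):
                    findings.append((name, uri))
    return findings

# Constructed sample: a trimmed assertion with an enveloped signature.
TEMPLATE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="a1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{sig}"/>
      <ds:Reference URI="#a1">
        <ds:DigestMethod Algorithm="{dig}"/>
        <ds:DigestValue>CONSTRUCTED</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>CONSTRUCTED</ds:SignatureValue>
  </ds:Signature>
</saml:Assertion>"""
SHA1_SAMPLE = TEMPLATE.format(sig=XMLDSIG + "rsa-sha1", dig=XMLDSIG + "sha1")
SHA256_SAMPLE = TEMPLATE.format(
    sig="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    dig="http://www.w3.org/2001/04/xmlenc#sha256")

if __name__ == "__main__":
    for label, doc in (("sha1", SHA1_SAMPLE), ("sha256", SHA256_SAMPLE)):
        print(label, sha1_findings(doc) or "no SHA-1 algorithms declared")
```

The signature method and the digest method are reported separately because they are separate attributes in the XML.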