We're trying to sign a SAML token using the SHA 256 algorithm. We're using the "Create SAML Token" assertion to generate the SAML token. On step 10 we enable the checkbox "Sign Assertion with an Enveloped Signature" (see screenshot below). On the assertion we selected a private key which was generated using the SHA-256 algorithm (see second screenshot below).
However when looking at the generated SAML assertion xml, the used signature algorithm is SHA-1 (see last screenshot below). We see the same behaviour when signing using the "Build SAML Protocol Response" assertion.
Does anyone know how this should be configured to make sure the SHA_256 algorithm is used when signing?
Tested this on API Gateway version 9.1.01.
I found an article over at CoreBlox that shows a pretty good example of how to build a SAML response from assertion and sign it. See here: Integrating CA API Gateway with Office 365 — CoreBlox
I came across this problem as well and have created a KB for it. Please try it out at the link below:
SAML Token Secure Hash - CA Knowledge