Managing the signature algorithm for the SAML Session Provider

The SAML Session Provider can be configured to use two different signature algorithms: SHA-256 and SHA-1. The preferred algorithm is SHA-256, which is the default for new installations.

The configured signature algorithm is used in the following situations:

The signature algorithm configured in the SAML Session Provider must match the algorithm configured for the Relying Party Trust (RPT) in the Identity Provider (IdP). In IFS/Xi Platform up to version 12.0.2, the RPT that IFS creates for the SAML Session Provider in the IdP uses SHA-1 by default. In later versions of Xi Platform, the default algorithm is SHA-256.
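To confirm which algorithm a signed SAML message actually carries and compare it with the value set on the RPT, the following added example (not IFS code) reads the XML Signature algorithm URIs from a message. The sample message is constructed, and `check_against_rpt` with its `rpt_algorithm` argument is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard XML-DSig algorithm URIs mapped to the hash they use.
HASH_BY_URI = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

# Constructed sample: a signed request skeleton (signature value omitted).
SAMPLE = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" Version="2.0">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_constructed1">
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      </ds:Reference>
    </ds:SignedInfo>
  </ds:Signature>
</samlp:AuthnRequest>"""

def signature_hashes(saml_xml):
    """Hashes named by SignatureMethod and DigestMethod elements in the message."""
    # Stdlib parser: use only on messages captured from your own environment.
    root = ET.fromstring(saml_xml)
    out = {}
    for key, tag in (("signature", "SignatureMethod"), ("digest", "DigestMethod")):
        uris = [el.get("Algorithm", "") for el in root.iter(DS + tag)]
        out[key] = {HASH_BY_URI.get(u, "unknown:" + u) for u in uris}
    return out

def check_against_rpt(saml_xml, rpt_algorithm):
    """Hypothetical helper: rpt_algorithm is the value set on the RPT in the IdP."""
    sig = signature_hashes(saml_xml)["signature"]
    if not sig:
        return "unsigned"
    return "match" if sig == {rpt_algorithm} else "mismatch"

if __name__ == "__main__":
    print(signature_hashes(SAMPLE))
    print(check_against_rpt(SAMPLE, "SHA-256"))
```

A "mismatch" result for a message captured after an upgrade points at one side still being on the older default described above.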