Managing the signature algorithm for the SAML Session Provider
The SAML Session Provider can be configured to use two different signature algorithms: SHA-256 and SHA-1. The preferred algorithm is SHA-256, which is the default for new installations.
The configured signature algorithm is used in the following situations:
- When the SAML Session Provider is configured to sign AuthnRequests
- When sending LogoutResponses back to LTR or Infor OS
The signature algorithm configured in the SAML Session Provider must match the algorithm configured for the Relying Party Trust (RPT) in the Identity Provider (IdP). In IFS/LTR or Infor OS up to version 12.0.2, the RPT that IFS creates for the SAML Session Provider in the IdP uses SHA-1 by default. In later versions of LTR or Infor OS, the default algorithm is SHA-256.
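When the two sides disagree, it helps to see which algorithm a captured AuthnRequest or LogoutResponse actually carries. The following is an added example, not IFS or Infor code: it reads the standard XML-DSig algorithm URIs from a decoded message, or from the `SigAlg` parameter of a redirect URL, and compares them with the RPT setting. The function names and the sample message are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# XML-DSig algorithm URIs (signature and digest) mapped to their hash family.
ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

def algs_in_message(xml_text):
    """Hash families used by SignatureMethod/DigestMethod in an embedded signature."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs in captured input before parsing
        raise ValueError("DTD not allowed")
    root = ET.fromstring(xml_text)
    return {ALGS.get(el.get("Algorithm"), "unknown")
            for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter(DS + tag)}

def algs_in_redirect(url):
    """HTTP-Redirect binding: the algorithm is carried in the SigAlg query parameter."""
    uri = parse_qs(urlsplit(url).query).get("SigAlg", [None])[0]
    return {ALGS.get(uri, "unknown")} if uri else set()

def check(found, rpt_algorithm):
    """Compare the algorithms a message uses with the one the RPT is set to."""
    if not found:
        return "message is not signed"
    if found == {rpt_algorithm}:
        return "match"
    return "mismatch: message uses %s, RPT expects %s" % (sorted(found), rpt_algorithm)

# Constructed sample: a trimmed AuthnRequest signed with RSA-SHA1 (values are placeholders).
SAMPLE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed1" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <ds:Reference URI="#_constructed1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    </ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    print(check(algs_in_message(SAMPLE), "SHA-256"))
```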