Managing the signature algorithm for the SAML Session Provider
The SAML Session Provider supports two signature algorithms: SHA-256 and SHA-1. The preferred algorithm is SHA-256, which is the default for new installations.
The configured signature algorithm is used in these instances:
- When the SAML Session Provider is configured to sign AuthnRequests
- When sending LogoutResponses back to Ming.le
The signature algorithm configured in the SAML Session Provider must match the algorithm configured for the Relying Party Trust (RPT) in the Identity Provider. In IFS up to version 12.0.2, the RPT that IFS creates in the IdP for the SAML Session Provider uses SHA-1 by default. In later versions of LTR or Infor OS, the default algorithm is SHA-256.
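To confirm which algorithm a signed AuthnRequest or LogoutResponse actually declares before comparing it with the RPT setting, the following added example (not Infor's code) reads the algorithm from a captured message. It assumes RSA signing keys and covers both an embedded XML signature and the Redirect binding's `SigAlg` parameter; the function names and sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# XML-DSig algorithm URIs (assumption: the provider signs with an RSA key).
ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
}

def _name(uri):
    return ALGORITHMS.get(uri, "unrecognized: " + uri)

def algorithm_from_xml(xml_text):
    """Embedded signature (e.g. POST binding): read ds:SignatureMethod."""
    # Intended for messages you captured yourself; not a hardened XML parser.
    root = ET.fromstring(xml_text)
    node = root.find(f".//{DS}SignedInfo/{DS}SignatureMethod")
    return None if node is None else _name(node.get("Algorithm", ""))

def algorithm_from_redirect(url):
    """Redirect binding: the algorithm travels in the SigAlg query parameter."""
    values = parse_qs(urlparse(url).query).get("SigAlg")
    return None if not values else _name(values[0])

def matches_rpt(message_algorithm, rpt_algorithm):
    """True only when the message is signed and uses the RPT's algorithm."""
    return message_algorithm is not None and message_algorithm == rpt_algorithm

# Constructed samples, not captured from a real deployment.
SAMPLE_LOGOUT_RESPONSE = """<samlp:LogoutResponse
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed1" Version="2.0">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    </ds:SignedInfo>
  </ds:Signature>
</samlp:LogoutResponse>"""
SAMPLE_REDIRECT = ("https://idp.example.test/sso?SAMLRequest=CONSTRUCTED"
                   "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256"
                   "&Signature=CONSTRUCTED")

if __name__ == "__main__":
    rpt = "SHA-256"  # value configured on the RPT in the IdP (assumed here)
    for label, found in (("LogoutResponse", algorithm_from_xml(SAMPLE_LOGOUT_RESPONSE)),
                         ("AuthnRequest", algorithm_from_redirect(SAMPLE_REDIRECT))):
        print(f"{label}: message={found} rpt={rpt} match={matches_rpt(found, rpt)}")
```

A result of `None` means the message carries no signature, which is also a mismatch if the IdP expects signed requests.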