When attempting to configure SAML 2.0 integration between CA Identity Manager and Microsoft ADFS, administrators may find that the signing algorithm does not follow the configured setting. Specifically, even when RSA-SHA256 is selected as the Signing Algorithm in the Identity Manager Management UI, the outgoing SAML requests sent to the Identity Provider (IdP) continue to use the RSA-SHA1 algorithm. This mismatch can cause authentication failures if the IdP (such as ADFS) is configured to require the more secure SHA256 signature.
Product: CA Identity Manager / CA Identity Suite
Version: 14.5 SP1 CHF2 and below.
A code fix HF-IM14.5.1CHF2-DE657483-v2 has been developed to ensure the digest and signature algorithms correctly honor the RSA-SHA256 setting.
The hotfix can be obtained from Broadcom Support.
The hotfix should be applied on top of 14.5 SP1 CHF2.
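
To confirm which algorithms an outgoing request actually carries, before and after applying the hotfix, the SAMLRequest captured from a browser trace can be inspected directly. The following is an added example, not Broadcom code: the function names are hypothetical, the sample request is constructed, and it assumes the standard SAML 2.0 bindings (embedded XML signature for HTTP-POST, `SigAlg` query parameter for HTTP-Redirect).

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
SHA1_URIS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",  # signature algorithm
    "http://www.w3.org/2000/09/xmldsig#sha1",      # digest algorithm
}

def algorithms_from_post(saml_request_b64):
    """HTTP-POST binding: SAMLRequest is base64 XML carrying ds:Signature."""
    xml = base64.b64decode(saml_request_b64)
    if b"<!DOCTYPE" in xml:
        raise ValueError("DOCTYPE not expected in a SAML message")
    root = ET.fromstring(xml)
    found = {}
    for tag in ("SignatureMethod", "DigestMethod"):
        el = root.find(f".//{DS}{tag}")
        found[tag] = el.get("Algorithm") if el is not None else None
    return found

def algorithms_from_redirect(url):
    """HTTP-Redirect binding: the algorithm is the SigAlg query parameter."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return {"SignatureMethod": query.get("SigAlg", [None])[0]}

def sha1_findings(algorithms):
    """Names of the elements still using a SHA-1 based algorithm."""
    return sorted(k for k, v in algorithms.items() if v in SHA1_URIS)

def sample_request(sig_alg, digest_alg):
    """Constructed AuthnRequest skeleton (no real signature value)."""
    xml = (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">'
        '<ds:Signature><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
        f'<ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_alg}"/>'
        '</ds:Reference></ds:SignedInfo></ds:Signature></samlp:AuthnRequest>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    before = sample_request("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                            "http://www.w3.org/2000/09/xmldsig#sha1")
    print(sha1_findings(algorithms_from_post(before)))
```

An empty result from `sha1_findings` means neither the signature nor the digest algorithm in the captured request is SHA-1 based.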