ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Singing algorithm is coming as SHA1 in Metadata export even though we select SHA256 in Entity/Partnership


Article ID: 4732


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On


We could see that Singing algorithm is coming as SHA1 in Metadata even though we select SHA256 in Entity/Partnership. 


<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="SM278b11a41bf75c62634a3aa72fb940bc66a60c4186" entityID="sharuIDP" validUntil="2016-05-09T14:04:49.430+00:00"> 

<ds:Signature xmlns:ds=""> 


<ds:CanonicalizationMethod Algorithm="" /> 

<ds:SignatureMethod Algorithm="" /> 

<ds:Reference URI="#SM278b11a41bf75c62634a3aa72fb940bc66a60c4186"> 


<ds:Transform Algorithm="" /> 

<ds:Transform Algorithm="" /> 


<ds:DigestMethod Algorithm="" /> 





We were not passing selected signing algorithm while exporting meta data. So it is taking default signing algorithm as SHA1 while exporting meta data. This is a defect Identified in R12.51 CR04


R12.51 and R12.52 SP1


This Defect is fixed in r12.52 SP1 CR05 and r12.51 CR10

Kindly upgrade your policy server and adminui to the above mentioned versions to get the fix.

Additional Information