Description

How to configure your Identity Provider to use SHA-256 instead of the default SHA-1 algorithm





Release or Environment

All releases

Instructions

 

 

  •  On the Identity Provider record:
    - Set the Identity Provider's SingleLogoutRequest field. For example, if you are using ADFS: https://<adfs.url.com>/adfs/ls where <adfs.url.com>
    - Set the credentials for the Signing/Encryption Key Alias and Signing/Encryption Key Alias on the identity provider record in ServiceNow. The default value for each is: saml2sp
    - Set the Signing Signature Algorithm to the SHA-256 specification, which is http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. Double-check that SHA-256 is also set on the Relying Party Trust on the IdP side.
    - Tick the Sign AuthnRequest checkbox.
    - Once all this is set, use the Generate Metadata button in ServiceNow for the identity provider to generate the XML for importing into the IdP.
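One way to confirm the change took effect is to inspect a captured AuthnRequest and check which algorithm URIs it declares. The script below is an added example, not ServiceNow or ADFS code; the host idp.example.test and the sample messages are constructed placeholders, and it covers both a signed XML request and the HTTP-Redirect form, where the algorithm travels in the SigAlg parameter.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse, parse_qs

DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA1_URIS = {DS + "rsa-sha1", DS + "sha1"}

def algorithms_in_xml(xml_text):
    """(element, Algorithm URI) for each ds:SignatureMethod / ds:DigestMethod."""
    root = ET.fromstring(xml_text)
    return [(tag, el.get("Algorithm"))
            for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter("{%s}%s" % (DS, tag))]

def algorithms_in_redirect(url):
    """HTTP-Redirect binding: SigAlg parameter plus base64 raw-DEFLATE SAMLRequest."""
    qs = parse_qs(urlparse(url).query)
    found = [("SigAlg", v) for v in qs.get("SigAlg", [])]
    for req in qs.get("SAMLRequest", []):
        xml_text = zlib.decompress(base64.b64decode(req), -15).decode()
        found += algorithms_in_xml(xml_text)
    return found

def audit(found):
    """OK only if a signature exists, it is rsa-sha256, and nothing is SHA-1."""
    sigs = [a for name, a in found if name in ("SigAlg", "SignatureMethod")]
    sha1 = [(n, a) for n, a in found if a in SHA1_URIS]
    return bool(sigs) and all(a == RSA_SHA256 for a in sigs) and not sha1, sha1

def sample_request(sig_alg, digest_alg):
    """Constructed AuthnRequest skeleton (no real signature value)."""
    return ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
            '<ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
            '<ds:SignatureMethod Algorithm="%s"/>'
            '<ds:Reference><ds:DigestMethod Algorithm="%s"/></ds:Reference>'
            '</ds:SignedInfo></ds:Signature></samlp:AuthnRequest>'
            % (DS, sig_alg, digest_alg))

def sample_redirect(sig_alg):
    """Constructed redirect URL against a placeholder IdP host."""
    c = zlib.compressobj(wbits=-15)
    raw = c.compress(b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>') + c.flush()
    return "https://idp.example.test/adfs/ls?" + urlencode(
        {"SAMLRequest": base64.b64encode(raw).decode(), "SigAlg": sig_alg})

if __name__ == "__main__":
    print(audit(algorithms_in_xml(sample_request(RSA_SHA256, "http://www.w3.org/2001/04/xmlenc#sha256"))))
    print(audit(algorithms_in_redirect(sample_redirect(DS + "rsa-sha1"))))
```

An unsigned request fails the audit as well, which catches the case where Sign AuthnRequest was left unticked.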

Article Information

Last Updated: 2020-03-25 18:31:08
Published: 2020-03-26