SHA-256 support for Single Sign On - Support and Troubleshooting
KB0778491

SHA-256 support for Single Sign On


3009 Views. Last updated: Jul 24, 2025

Summary

How to configure your Identity Provider to use SHA-256 instead of the default SHA-1 algorithm.





Release

All releases

Instructions

  • Enable the SAML 2.0 Keystore_Key2048_SHA256 SHA-256 keystore under x509 Certificate within the Multi-Provider SSO menu. 
    https://<instance-name>.service-now.com/nav_to.do?uri=sys_certificate.do?sys_id=3685fc22930212003c5537ae867ffb9


  • Set the system property glide.authenticate.sso.saml2.keystore to the sys_id of that SHA-256 keystore, to set it as the default keystore for signing identity provider SAML requests. 
    https://<instance-name>.service-now.com/nav_to.do?uri=sys_properties.do?sys_id=b4c45688db8bff4044a6413b3a9619e2


  • On the Identity Provider record:
    - Set the Identity Provider's SingleLogoutRequest field. For example, if you are using ADFS: https://<adfs.url.com>/adfs/ls where <adfs.url.com> 
    - Set the credentials for the Signing/Encryption Key Alias and Signing/Encryption Key Alias on the identity provider record in ServiceNow. Default value for each is: saml2sp 
    - Set the Signing Signature Algorithm to the SHA-256 specification, which is http://www.w3.org/2001/04/xmldsig-more#rsa-sha256. Double-check that SHA-256 is also set on the Relying Party Trust on the IdP side.
    - Tick the Sign AuthnRequest checkbox.
    - Once all this is set, use the Generate Metadata button in ServiceNow for the identity provider, to generate the XML for importing into the IdP
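
To confirm the change took effect, the following added Python example (not ServiceNow code and not part of this KB) reads the signature algorithm out of a captured AuthnRequest or signed metadata XML and reports whether it is rsa-sha256. The sample messages and the host idp.example.com are constructed for illustration, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"


def signing_algorithms(captured):
    """Algorithm URIs from a redirect URL (SigAlg), a base64 POST SAMLRequest, or raw XML."""
    if captured.startswith(("http://", "https://")):
        return parse_qs(urlsplit(captured).query).get("SigAlg", [])
    text = captured.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    # Only parse messages captured from your own instance; this is not a hardened parser.
    root = ET.fromstring(text)
    return [el.get("Algorithm") for el in root.iter(DS + "SignatureMethod")]


def verdict(captured):
    """Return 'unsigned' (Sign AuthnRequest is off), 'sha256', or 'not-sha256'."""
    algs = signing_algorithms(captured)
    if not algs:
        return "unsigned"
    return "sha256" if all(a == RSA_SHA256 for a in algs) else "not-sha256"


def sample_authn_request(sig_alg):
    """Constructed sample: skeleton of a signed AuthnRequest, values omitted."""
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
        ' ID="_constructed" Version="2.0">'
        '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
        f'<ds:SignatureMethod Algorithm="{sig_alg}"/>'
        "</ds:SignedInfo></ds:Signature></samlp:AuthnRequest>"
    )


# Constructed redirect-binding URL; idp.example.com is a placeholder host.
SAMPLE_REDIRECT = "https://idp.example.com/adfs/ls?" + urlencode(
    {"SAMLRequest": "constructed", "SigAlg": RSA_SHA256, "Signature": "constructed"}
)

if __name__ == "__main__":
    for msg in (sample_authn_request(RSA_SHA1), sample_authn_request(RSA_SHA256), SAMPLE_REDIRECT):
        print(verdict(msg), signing_algorithms(msg))
```

A result of "not-sha256" after the change means the instance is still signing with the old keystore or algorithm setting; "unsigned" means Sign AuthnRequest is not in effect.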
