SAML Token Secure Hash
Document ID :
Last Modified Date :
Show Technical Document Details
CA API Management Gateway
I'm using the "Create Signed Bearer-Token SAML Token" assertion and I don't want to use SHA-1 for signing, since it's insecure. How can I use SHA-256 or something secure?
Although it is not supported on the assertion itself, you can sign the token using the "(Non-SOAP) Sign XML Element Assertion" instead. You can view more information about this assertion on the link below:
Attached to this article is also a sample policy that signs the SAML token with SHA-256.
Was this information helpful?