Signing algorithm appears as SHA1 in metadata export even though SHA256 is selected in the Entity/Partnership

Document ID : KB000004732
Last Modified Date : 14/02/2018
Issue:

The signing algorithm appears as SHA1 in the exported metadata even though SHA256 is selected in the Entity/Partnership.

 

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="SM278b11a41bf75c62634a3aa72fb940bc66a60c4186" entityID="sharuIDP" validUntil="2016-05-09T14:04:49.430+00:00">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <ds:Reference URI="#SM278b11a41bf75c62634a3aa72fb940bc66a60c4186">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <ds:DigestValue>yKqfh81rers6dXKGekJ0JrYr8qc=</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>

Environment:
R12.51 and R12.52 SP1
Cause:

The selected signing algorithm was not passed to the metadata export, so the export used the default signing algorithm, SHA1. This is a defect identified in R12.51 CR04.

Resolution:

This defect is fixed in R12.52 SP1 CR05 and R12.51 CR10.

Upgrade your Policy Server and Admin UI to one of the versions above to get the fix.
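
To confirm after the upgrade that a re-exported metadata file declares SHA256, the following added example (not CA code) reads the SignatureMethod and DigestMethod URIs from each ds:Signature and flags any that rely on SHA-1. The sample documents, the entityID "exampleIDP" and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# XML-DSig signature and digest algorithm URIs that rely on SHA-1.
SHA1_URIS = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "hmac-sha1",
             DS + "sha1", MORE + "ecdsa-sha1"}


def signature_algorithms(metadata_xml):
    """List the algorithms declared by each ds:Signature in the metadata.

    Only reads the declared URIs; it does not validate the signature.
    Intended for metadata you exported yourself, not untrusted XML.
    """
    ns = {"ds": DS}
    report = []
    for sig in ET.fromstring(metadata_xml).iter("{%s}Signature" % DS):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", ns)
        digests = [d.get("Algorithm") for d in
                   sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", ns)]
        sig_alg = method.get("Algorithm") if method is not None else None
        report.append({
            "signature": sig_alg,
            "digests": digests,
            "uses_sha1": sig_alg in SHA1_URIS or any(d in SHA1_URIS for d in digests),
        })
    return report


def sample_metadata(sig_alg, digest_alg):
    """Constructed, minimal metadata shaped like the excerpt in the article."""
    return (
        '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
        'ID="_constructed" entityID="exampleIDP">'
        '<ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
        '<ds:SignatureMethod Algorithm="%s"/>'
        '<ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="%s"/>'
        '</ds:Reference></ds:SignedInfo></ds:Signature></EntityDescriptor>'
        % (DS, sig_alg, digest_alg)
    )


if __name__ == "__main__":
    before = sample_metadata(DS + "rsa-sha1", DS + "sha1")
    after = sample_metadata(MORE + "rsa-sha256",
                            "http://www.w3.org/2001/04/xmlenc#sha256")
    for label, doc in (("before fix", before), ("after fix", after)):
        for entry in signature_algorithms(doc):
            print(label, entry)
```

A result with uses_sha1 set to True on a freshly exported file means the export is still falling back to the default algorithm.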

Additional Information:

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr05