Support Article
Wrong Signature Algorithm attribute in Authentication Request
SA-52532
Summary
When generating an authentication request in pySAMLWebSSOAuthenticationActivity, the system generates an incorrect SignatureMethod Algorithm.
That is, <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> is not generated.
Instead, <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> is generated.
This occurs when using:
- SAML based Single sign-on (SSO) for Smart Dispute Access using Web and Pega Web Mashup
- Certificates with RSA - SHA256 encryption
Error Messages
Not Applicable
Steps to Reproduce
Log a SAML request in Pega in cloud or on Active Directory Federation Services (ADFS).
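One way to inspect a logged request for the symptom described in the Summary, shown as an added example that is not Pega code and not part of the original article. It accepts raw XML or the base64 SAMLRequest value of the HTTP-POST binding; the function names and the sample request are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample (not a real capture); the signature value is a placeholder.
SAMPLE_TEMPLATE = """<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="{alg}"/>
  </ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
</samlp:AuthnRequest>"""


def signature_algorithms(request):
    """Return every ds:SignatureMethod Algorithm URI found in the request."""
    text = request.strip()
    if not text.startswith("<"):
        # HTTP-POST binding: the SAMLRequest form value is base64-encoded XML.
        text = base64.b64decode(text).decode("utf-8")
    if "<!DOCTYPE" in text.upper():
        # SAML messages never need a DTD; refuse it rather than parse entities.
        raise ValueError("DOCTYPE not allowed in SAML request")
    root = ET.fromstring(text)
    return [el.get("Algorithm") for el in root.iter(DS + "SignatureMethod")]


def check_request(request, expected=RSA_SHA256):
    """Classify a logged request as 'ok', 'unsigned' or 'mismatch: <uris>'."""
    algs = signature_algorithms(request)
    if not algs:
        return "unsigned"
    if all(a == expected for a in algs):
        return "ok"
    return "mismatch: " + ", ".join(str(a) for a in algs)


if __name__ == "__main__":
    for alg in (RSA_SHA1, RSA_SHA256):
        print(alg, "->", check_request(SAMPLE_TEMPLATE.format(alg=alg)))
```

Requests sent over the HTTP-Redirect binding carry the algorithm in the SigAlg query parameter instead of inside the XML, so this check does not apply to them.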
Root Cause
A defect in Pegasystems’ code or rules.
The signature algorithm was hard coded. The signature algorithm was fetched from the SP certificate.
Resolution
Apply HFix-41903.
Published July 25, 2018 - Updated October 8, 2020