OIF 10g - Signing Algorithms Allowed (Doc ID 1364048.1)

Last updated on JUNE 07, 2017

Applies to:

Oracle Identity Federation - Version 10.1.4.3.0 and later
Information in this document applies to any platform.

Goal

We are starting a new SP initiated federation (we are the Idp).

When receiving the SAML message from the SP, we are getting a 500 error from OIF with the following messages in the federation-error.log :

11/09/13 06:52:07: ERROR - oracle.security.xmlsec.dsig.VerifyException: Unknown signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
11/09/13 06:52:07: ERROR - oracle.security.fed.security.signature.exceptions.SignatureVerificationException: oracle.security.xmlsec.dsig.VerifyException: Unknown signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; oracle.security.xmlsec.dsig.VerifyException: Unknown signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
11/09/13 06:52:07: ERROR - oracle.security.fed.controller.web.action.RequestHandlerRuntimeException: XML signature verification failed. oracle.security.xmlsec.dsig.VerifyException: Unknown signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; oracle.security.fed.security.signature.exceptions.SignatureVerificationException: oracle.security.xmlsec.dsig.VerifyException: Unknown signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256; oracle.security.xmlsec.dsig.VerifyException: Unknown signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256


The service provider has indicated that they can sign with any of the following: RSA SHA-1, SHA-256, SHA-384, SHA-512. When SP changed to SHA-1 and it worked fine.

How can I find out what signature algorithms are allowed?
Are we able to change our OIF to allow SHA-256?



Solution

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms