topic (ADFS) SP-Initiated Single Logout (SLO) / SHA256 in Network Access Control https://community.cisco.com/t5/network-access-control/adfs-sp-initiated-single-logout-slo-sha256/m-p/3526792#M519105 <HTML><HEAD></HEAD><BODY><P>Hi, is ISE going to support SHA256 to do SLO in the next releases?</P><P></P><P>Right now we have this info:</P><P></P><P>"For this to work we need to set the secure hash algorithm to SHA1 instead of the default SHA-256.</P><P>This is set in ISE relying party trust properties under advanced.</P><P>If you don’t set this you’ll get the following message in to the ADFS event log:</P><P>Event ID: 378</P><P>SAML request is not signed with expected signature algorithm. SAML request is signed with</P><P><SPAN>signature algorithm </SPAN><A class="jive-link-external-small" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" rel="nofollow" target="_blank">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</A><SPAN> . Expected signature</SPAN></P><P><SPAN>algorithm is </SPAN><A class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</A><SPAN>"</SPAN></P><P></P><P>Thanks</P></BODY></HTML> Thu, 14 Dec 2017 15:10:04 GMT atapiafl@cisco.com 2017-12-14T15:10:04Z (ADFS) SP-Initiated Single Logout (SLO) / SHA256 https://community.cisco.com/t5/network-access-control/adfs-sp-initiated-single-logout-slo-sha256/m-p/3526792#M519105 <HTML><HEAD></HEAD><BODY><P>Hi, is ISE going to support SHA256 to do SLO in the next releases?</P><P></P><P>Right now we have this info:</P><P></P><P>"For this to work we need to set the secure hash algorithm to SHA1 instead of the default SHA-256.</P><P>This is set in ISE relying party trust properties under advanced.</P><P>If you don’t set this you’ll get the following message in to the ADFS event log:</P><P>Event ID: 378</P><P>SAML request is not signed with expected signature algorithm. SAML request is signed with</P><P><SPAN>signature algorithm </SPAN><A class="jive-link-external-small" href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" rel="nofollow" target="_blank">http://www.w3.org/2001/04/xmldsig-more#rsa-sha256</A><SPAN> . Expected signature</SPAN></P><P><SPAN>algorithm is </SPAN><A class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" rel="nofollow" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</A><SPAN>"</SPAN></P><P></P><P>Thanks</P></BODY></HTML> Thu, 14 Dec 2017 15:10:04 GMT https://community.cisco.com/t5/network-access-control/adfs-sp-initiated-single-logout-slo-sha256/m-p/3526792#M519105 atapiafl@cisco.com 2017-12-14T15:10:04Z Re: (ADFS) SP-Initiated Single Logout (SLO) / SHA256 https://community.cisco.com/t5/network-access-control/adfs-sp-initiated-single-logout-slo-sha256/m-p/3526793#M519108 <HTML><HEAD></HEAD><BODY><P>Please work with the ISE product managers on features. We don’t discuss futures in public forum</P></BODY></HTML> Thu, 14 Dec 2017 15:25:30 GMT https://community.cisco.com/t5/network-access-control/adfs-sp-initiated-single-logout-slo-sha256/m-p/3526793#M519108 Jason Kunst 2017-12-14T15:25:30Z