2449659 - SSO Implementation issues | SHA-256 vs SHA-1 encryption algorithms

• Screen keeps spinning on when trying to login via SSO;
• Screen enter in a back and forth behavior between IdP login screen and SuccessFactor's;
• Customer/Partner are encountering difficulty during SSO implementation;
• SSO is not working correctly and customer/partner requests assistance with SSO Setup;

SAP SuccessFactors HXM Suite

1. Access the IdP-Initiated login URL;
2. Type your credentials and attempt to login;
3. The authentication process behaves as following:
• the screen keep spinning on in a endless loop, or;
• it enter in a back and forth behavior between IdP and SuccessFactor's screens.

Customer's Identity Provider is using the SHA-256 algorithm — not supported — to encrypt the SAML Assertion Response when sending it to SuccessFactors.

SuccessFactors Provisioning doesn't work with the SHA-256 encryption algorithm.

Please kindly access your IdP settings and ensure it's using the SHA-1 algorithm instead. SuccessFactors will always work with this one.

Important: some IdPs take a considerable time to effect the algorithm change, hence, you may wait a couple of minutes for the cache to refresh the settings.

Please, also check the KBA 2957157 - When SSO BizX will upgrade the certificate based on SHA1?

IdP, SSO, SSO configuration, spinning, spinning screen, back & forth screen, SSO issue. , KBA , LOD-SF-PLT-SEL , SSO Errors & Logs , How To