We are planning to retire the SHA-1 signing mechanism for SAML exchange between the BizX Generic IdP and downstream applications in favor of SHA-256, for better security, by the end of 2021 (planned date).
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
What is Involved
There are Assertion Consumer Service entries in the customer provisioning settings, and each is meant for integration with a downstream application (internal, partner, or third party). This mechanism was using SHA-1, which should be changed to SHA-256 in the future.
To support this, we have introduced an Application Name (for better identification) and a flag to indicate whether the integration uses the SHA-256 signing mechanism. If the flag is not checked, SHA-1 is used by default. In addition, we have provided a link to download the SuccessFactors IdP metadata for SHA-256. The URL is in the format: https://<DC_URL>/idp/samlmetadata?company=<company_id>&cert=sha2
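After the flag is changed for an Assertion Consumer Service entry, the owner of the downstream application can confirm which hash the IdP actually declares in a captured SAML response. The following is an added example, not SAP code: the sample message is a constructed skeleton (no real signature values), the function names are hypothetical, and the algorithm URIs are the standard W3C XML Signature identifiers.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Standard XML Signature algorithm URIs mapped to the hash they use.
ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}

# Constructed SAML response skeleton: only the elements this check reads.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion ID="_constructed">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="{sig}"/>
      <ds:Reference URI="#_constructed">
        <ds:DigestMethod Algorithm="{dig}"/>
      </ds:Reference>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""
SHA1_SAMPLE = TEMPLATE.format(sig="http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                              dig="http://www.w3.org/2000/09/xmldsig#sha1")
SHA256_SAMPLE = TEMPLATE.format(sig="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                                dig="http://www.w3.org/2001/04/xmlenc#sha256")

def signature_hashes(saml_xml):
    """Return one (element, hash) pair per SignatureMethod/DigestMethod found."""
    # Intended for your own captures; use a hardened parser for untrusted XML.
    root = ET.fromstring(saml_xml)
    found = []
    for sig in root.iter(DS + "Signature"):
        for tag in ("SignatureMethod", "DigestMethod"):
            for node in sig.iter(DS + tag):
                uri = node.get("Algorithm", "")
                found.append((tag, ALGORITHMS.get(uri, "unknown: " + uri)))
    return found

def uses_only_sha256(saml_xml):
    """True only if the message is signed and every declared hash is SHA-256."""
    hashes = signature_hashes(saml_xml)
    return bool(hashes) and all(h == "SHA-256" for _, h in hashes)

if __name__ == "__main__":
    for name, doc in (("SHA-1 sample", SHA1_SAMPLE), ("SHA-256 sample", SHA256_SAMPLE)):
        print(name, signature_hashes(doc), "OK" if uses_only_sha256(doc) else "still SHA-1 or unsigned")
```

This inspects the declared algorithms only; it does not validate the signature itself, which remains the job of the service provider's SAML library.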
SAP SuccessFactors HXM Suite
SHA256 Outbound SSO SF-IDP SuccessFactors native IdP , KBA , LOD-SF-PLT-PRV , Provisioning Changes , LOD-SF-PLT-SAM , SAML SSO First Time Setup , LOD-SF-PLT-SEL , SSO Errors & Logs , LOD-SF-JAM-INT , Integration with SF BizX , LOD-SF-LMS-INT , Integrations with BizX , How To