Retrieving SHA256 thumbprint (fingerprint) for SAML SSO Certificates

Question

Retrieving SHA256 thumbprint (fingerprint) for SAML SSO Certificates

cyberScotty 20

The fingerprint for SAML-based sign-on for enterprise applications is currently only displayed in SHA1. Even when the signing algorithm is chanbed to SHA256 or it is SHA256 when a New Certificate is created, the thumbprint doesn't change and always remains as SHA1.

Having the fingerprint displayed in the selected signing algorithm would be extremely helpful -so if MS is reading, please do this!

ksnip_20230203-123422

Generate Your Own SHA256 Fingerprint from Certificate:

Download the certificate in Base64 format from the ellipses menu.
Visit www.samltool.com/fingerprint.php and paste in your X.509 cert.
Choose SHA1 and calculate, match the calcuated fingerpring with the AD thumbprint.
Then recalculate in SHA256, this is your SHA256 thumbprint.
Use the resulting SHA256 thumbprint (fingerprint) in your app.

User's image

cyberScotty 20 Reputation points

2023-02-07T00:53:20.2766667+00:00

Answer / solution is provided in the original post.
cyberScotty 20 Reputation points

2023-02-07T00:53:26.78+00:00

Answer in orig post.

Accepted answer

0 additional answers

Your answer

cyberScotty 20 Reputation points

2023-02-07T00:53:20.2766667+00:00

Answer / solution is provided in the original post.
cyberScotty 20 Reputation points

2023-02-07T00:53:26.78+00:00

Answer in orig post.

Answer 1

JamesTran-MSFT 36,911 Microsoft Employee Moderator

@cyberScotty

Thank you for your post and I'm glad that you were able to resolve your issue!

From your issue, I understand that the fingerprint of the SAML based certificate is only displayed in SHA1, even when changing or creating a new certificate with the Certificate signing algorithm set to SHA256.

Related issue - https://github.com/MicrosoftDocs/azure-docs/issues/11624

User's image

Note: The thumbprint is used to identify the certificate and it is not related to the signing algorithm.

I've reached out to our SAML team to see if they can share any inputs on this limitation within the Portal, and I've also created an internal feature request so our engineering team can look into implementing this.

Thank you!

JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator

2023-03-07T23:25:25.2433333+00:00
@cyberScotty

Thank you for time and patience on this and I'm glad that you were able to resolve your issue! Since the Microsoft Q&A community has a policy that The question author cannot accept their own answer. They can only accept answers by others, I'll repost your solution in case you'd like to Accept the answer.

Generate Your Own SHA256 Fingerprint from Certificate:

Download the certificate in Base64 format from the ellipses menu.

Visit www.samltool.com/fingerprint.php and paste in your X.509 cert.

Choose SHA1 and calculate, match the calculated fingerprint with the AD thumbprint.

Then recalculate in SHA256, this is your SHA256 thumbprint.

Use the resulting SHA256 thumbprint (fingerprint) in your app.

If you have any other questions, please let me know. Thank you for your time and patience throughout this issue.
cyberScotty 20 Reputation points

2023-03-08T21:23:02.63+00:00

Legend, thanks. Hopefully someone finds it helpful. Hopefully the teams who own this process see some merit in this post and it becomes obsolete.

Share via

Retrieving SHA256 thumbprint (fingerprint) for SAML SSO Certificates

0 additional answers

Your answer