Najdorf-9101 asked piaudonn answered

adfs signature algo

A third-party app was set to SHA-256 in the relying party trust. It worked fine until one day. The support had us change it back to SHA-1, which worked. The app provider later restarted their service, after which SHA-256 worked again, that is, for some time.

One thing that was observed when it didn't work was that the SAML response isn't a full response, in the sense that attributes are not sent over. We have applications that don't have any issues with SHA-256, only this particular one. ADFS is 3.0.

The vendor thinks it's ADFS not sending over the full SAML response. But the same setting worked when initially set up and also after a service restart on their end. Any insight into where the problem may lie? Could the SAML request be a possible factor?


1 Answer

piaudonn answered

If you want to check whether your rules are issuing the proper claims in your token, I recommend you use the Claims X-Ray test relying party trust.
Configure it the same way you configured your other applications and check whether you are sending the right stuff.