Knowledge Base

Support Policies

How do I know if I am using SHA1 or SHA2 during SP initiated SAML calls?

SecureAuth version affected: N/A


Customer has a SP initiated realm such as Salesforce, but they do not know if they are using the SHA1 or SHA2 certificate to assert their identity. How do we confirm this?



Programs Required:


  1. [Make sure cache is cleared before proceeding]
  2. Open Firefox and open the SAML tracker add-on
  3. Browse to the login page of the service
  4. Login to the application and you will start seeing data flow into the SAML tracker.
  5. Look at the SAML tracer. Click on the line for the POST object. Go into the SAML tab. You're looking for the tag for SignatureMethod Algorithm:

Have more questions? Submit a request


Please sign in to leave a comment.