SecureAuth version affected: N/A
Customer has a SP initiated realm such as Salesforce, but they do not know if they are using the SHA1 or SHA2 certificate to assert their identity. How do we confirm this?
- SAML tracker Add-on for FireFox: https://addons.mozilla.org/en-US/firefox/addon/saml-tracer/
- [Make sure cache is cleared before proceeding]
- Open Firefox and open the SAML tracker add-on
- Browse to the login page of the service
- Login to the application and you will start seeing data flow into the SAML tracker.
- Look at the SAML tracer. Click on the line for the POST object. Go into the SAML tab. You're looking for the tag for SignatureMethod Algorithm: