When using POST binding, SendAuthnRequestByHTTPPost allows for a signature to be generated using a specified digest method and signature algorithm, using SAMLMessageSignature.Generate.
However, SendAuthnRequestByHTTPRedirect requires AsymmetricAlgorithm to be provided, but has no overload to provide a digest method. Does it default to one? Does it derive a digest method from the AsymmetricAlgorithm?
ServiceProvider.SendAuthnRequestByHTTPRedirect includes an overload that takes a signatureAlgorithm parameter.
The signature algorithm defaults to http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.
A digest method is not used with the HTTP-Redirect binding and therefore isn’t specified.
The signature generation is different from the XML signature generation used with HTTP-Post.
Please note that SendAuthnRequestByHTTPRedirect is part of the SAML low-level API.
We recommend using the SAML high-level API wherever possible.
SAMLServiceProvider.InitiateSSO is the equivalent high-level API.