Why is my response signature always SHA 256?

I have added this to my partner configuration section per others here on the forum:
“SignSamlResponse”: true,
“SignatureMethod”: “http//www.w3.org/2000/09/xmldsig#rsa-sha1”,

But my response always returns
<SignatureMethod Algorithm=“”>http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>

If you can help, I appreciate it!

Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com mentioning your forum post.


I’d like to see the SAML trace at the identity provider application from application start-up through to the SAML response being sent.


Sorry I didn’t spot this earlier. SignatureMethod isn’t the setting. It should be SignatureAlgorithm. Also, you probably want to specify the digest algorithm as well.

“DigestAlgorithm”: "<a href=“http://www.w3.org/2000/09/xmldsig#sha1",">http://www.w3.org/2000/09/xmldsig#sha1",</a><br/>"SignatureAlgorithm”: "<a href=“http://www.w3.org/2000/09/xmldsig#rsa-sha1",">http://www.w3.org/2000/09/xmldsig#rsa-sha1”,

Thank you, that fixed it.

The support here is awesome. We have finished our evaluation and will definitely be purchasing your product.


Thanks Bill for your kind words.