Dexter Deswechekynds, Jun 17, 2015, 5:28 PM (191 Posts)
Is SAML 2.1 even a complete spec yet?
It doesn't appear to be, per https://wiki.oasis-open.org/security/SAML21. As far as I know, ADFS 3.0 supports SAML 2.0. I have an operational SAML environment using 9.0.1 and ADFS 3.0 in Windows 2012 R2. Works fine for me.
Martha Bubkrozen, Jun 19, 2015, 12:25 PM (7 Posts)
Which version of certificates, SHA-1 or SHA-2?
By default, ADFS 3.0 is using SHA-2 certificates. Most of my customers prefer SHA-2 certificates, which is also the default certificate format if they request a new certificate from their CA. Are you using SHA-1 or SHA-2 certificates?
Dexter Deswechekynds, Jun 19, 2015, 4:46 PM (191 Posts)
Which certificates?
I'm not sure which certs you're referring to. I'm 99 percent sure I've used SHA-2 exclusively in this environment, but I can check a particular cert to verify.
Tanita Desweverobu, Jun 19, 2015, 7:11 PM (94 Posts)
I'm not aware of any issues caused by using SHA-2 certs for SAML
In fact, the X.509 certificates are only used to contain the RSA keys when establishing a partnership; the SAML spec allows for raw keys to be used as well as certificates. Domino's SAML SP functionality also supports use of SHA-2 for signing Assertions and Responses. See the SAML section of this article for specifics on supported algorithms: http://www-10.lotus.com/ldd/dominowiki.nsf/dx/supported-key-sizes-in-notesdomino and the SAML tag in the Notes/Domino wiki for cookbooks and more: http://www-10.lotus.com/ldd/dominowiki.nsf/xpViewTags.xsp?categoryFilter=SAML
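An added example, written for this thread rather than taken from any poster, that does the "check a particular cert" step with only Python's standard library: it walks each KeyDescriptor in SAML 2.0 metadata, reads the signatureAlgorithm OID from the DER of an X509Certificate to tell a SHA-1 signed cert from a SHA-2 signed one, and reports when the KeyInfo carries a raw KeyValue instead of a certificate, the case the last post mentions. The entity ID and the certificate bytes are constructed for the demonstration and are not real certificates.

```python
import base64
import xml.etree.ElementTree as ET

# Signature-algorithm OIDs from RFC 3279 / RFC 4055; anything else is reported as the bare OID.
SIG_ALG_NAMES = {"1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
                 "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
                 "1.2.840.113549.1.1.12": "sha384WithRSAEncryption"}
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def _read_tlv(data, pos):
    """Read one DER tag/length/value triple; returns (tag, value, position after it)."""
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long-form length: low bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length

def _decode_oid(raw):
    """Turn DER OID content octets into dotted notation (base-128 arcs, first byte packs two)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Name the outer signatureAlgorithm of an X.509 Certificate (RFC 5280, section 4.1.1.2)."""
    _, cert, _ = _read_tlv(cert_der, 0)     # Certificate ::= SEQUENCE { tbs, sigAlg, signature }
    _, _, pos = _read_tlv(cert, 0)          # skip tbsCertificate
    _, alg, _ = _read_tlv(cert, pos)        # signatureAlgorithm ::= AlgorithmIdentifier
    tag, oid, _ = _read_tlv(alg, 0)
    assert tag == 0x06, "AlgorithmIdentifier must begin with an OID"
    return SIG_ALG_NAMES.get(_decode_oid(oid), _decode_oid(oid))

def key_report(metadata_xml):
    """For each KeyDescriptor: the cert's signature algorithm, or a note that a raw key is used."""
    out = []
    for kd in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}KeyDescriptor"):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is not None:
            out.append(signature_algorithm(base64.b64decode(cert.text.strip())))
        elif kd.find("ds:KeyInfo/ds:KeyValue", NS) is not None:
            out.append("raw key value (no certificate, no signature hash to check)")
    return out

def _der(tag, body):        # short-form lengths only; enough for the constructed skeleton below
    return bytes([tag, len(body)]) + body

def constructed_cert(oid_hex):
    """CONSTRUCTED sample input: a Certificate SEQUENCE with an empty tbsCertificate, the given
    signatureAlgorithm (OID + NULL params) and an empty signature. Not a real certificate."""
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + _der(0x05, b""))
    return _der(0x30, _der(0x30, b"") + alg + _der(0x03, b"\x00"))

SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="urn:example:idp">
  <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(constructed_cert("2a864886f70d01010b")).decode()}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:KeyValue><ds:RSAKeyValue/></ds:KeyValue></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor></md:EntityDescriptor>"""
```

Against real metadata, `key_report` is run on the downloaded XML; a "sha1WithRSAEncryption" entry for a signing key is what the earlier question in this thread is asking you to look for.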