Does EPM Cloud support the SHA-2/SHA-256 encryption algorithm?
This question has been asked more frequently and we thought we would provide some information on the topic.
Thank you to Vinay Gupta, Consulting Member of Technical Staff, who provided a presentation on this topic.
There are two cases for EPM Cloud support of the SHA-256 encryption algorithm:
- SHA-256 encryption algorithm for browser/Smart View/EPM Automate connections
- SHA-256 encryption algorithm for SAML messages used for SSO with Identity Provider
SHA-256 encryption algorithm for browser/Smart View/EPM Automate connections
- Access to EPM Cloud via browser, Smart View, EPM Automate, and other supported clients is over TLS with the SHA-2/SHA-256 encryption level.
- It is recommended that you connect to EPM Cloud with the latest available certified browsers, which are compatible with higher cipher strengths and have improved security.
SHA-256 encryption algorithm for SAML messages used for SSO with Identity Provider
- Oracle OAM Service Provider (SP) uses MD5 as the default to sign SAML messages to Identity Provider (IdP).
- If your IdP, such as SiteMinder, reports that signature validation of the authentication request from IDM fails because the request is signed with MD5 while the IdP supports only newer algorithms (such as RSA), do the following:
- Create an SR with an exception request asking Oracle to provide the SSO SP XML metadata (in SHA-256 format) from the Oracle My Services portal, and use Hosting Services as the Problem Type.
- Oracle will upload the SHA-256 based SP metadata to the SR, which you can then upload to the IdP.
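A check for the SAML case above, as an added example that is not Oracle's code: it reads the signature and digest algorithm URIs from a captured AuthnRequest or signed SP metadata document, or from the SigAlg parameter of an HTTP-Redirect request, so you can confirm whether the SP is signing with MD5 or SHA-256. The sample XML, the idp.example.com URL used in testing and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

DS = "{http://www.w3.org/2000/09/xmldsig#}"
MORE = "http://www.w3.org/2001/04/xmldsig-more#"
# XML-DSig algorithm URIs (W3C xmldsig, xmlenc, RFC 4051) mapped to their hash.
HASH_BY_URI = {
    MORE + "rsa-md5": "md5",
    MORE + "md5": "md5",
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "sha1",
    MORE + "rsa-sha256": "sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
}

def classify(uri):
    return HASH_BY_URI.get(uri, "unknown")

def audit_saml_xml(xml_text):
    """List (element, uri, hash) for each SignatureMethod/DigestMethod in the XML."""
    root = ET.fromstring(xml_text)  # run this on captures you trust
    return [(tag, el.get("Algorithm", ""), classify(el.get("Algorithm", "")))
            for tag in ("SignatureMethod", "DigestMethod")
            for el in root.iter(DS + tag)]

def audit_redirect_url(url):
    """HTTP-Redirect binding carries the algorithm in the SigAlg query parameter."""
    sigalg = parse_qs(urlparse(url).query).get("SigAlg", [""])[0]
    return ("SigAlg", sigalg, classify(sigalg))

def uses_only_sha256(findings):
    """True only if at least one algorithm was found and all of them are SHA-256."""
    return bool(findings) and all(h == "sha256" for _, _, h in findings)

def sample_request(sig_uri, digest_uri):
    """Constructed AuthnRequest skeleton (no real signature value or key)."""
    return f"""<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{sig_uri}"/>
    <ds:Reference URI="#_constructed"><ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
</samlp:AuthnRequest>"""

if __name__ == "__main__":
    md5_req = sample_request(MORE + "rsa-md5", MORE + "md5")
    for finding in audit_saml_xml(md5_req):
        print(finding)
    print("SHA-256 only:", uses_only_sha256(audit_saml_xml(md5_req)))
```

Running the same check on the metadata Oracle attaches to the SR, before uploading it to the IdP, confirms that both the signature and digest methods moved to SHA-256.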
Federated Identity Management - You can configure SSO with your SAML 2.0-based Identity Provider (IdP).