"Could not create hash algorithm object" error occurs when attempting to login to an SSO application

You may encounter the following error page when attempting to login to an SSO application:

This error will occur if the wrong signature algorithm and digest methods are selected for the SAML Single Sign-On Connection.

To correct this issue, open the EmpowerID Management Console and click on the ribbon at the top left and select Configuration Manager. Expand Federation > SAML > SAML Single Sign-On Connections. Open the Service Provider or Identity Provider that is causing the error and click on the Advanced tab. Under the Signing and Encryption section, ensure that the Signature Algorithm and the Digest Method match the properties of the SSL certificate used to sign or validate the SAML assertion.

The default is Signature Algorithm: RSA_SHA1 and Digest Method: SHA1. After changing these settings to match your SSL certificate, please run iisreset /restart on all of your EmpowerID IIS servers (or wait until the EmpowerID application pools have recycled) and then attempt to login to your SSO application again.

Please feel free to contact us by e-mail at support@empowerid.com or by phone at (877) 996-4276 (Option 2) if you have any questions or concerns regarding this guide.

Have more questions? Submit a request


Powered by Zendesk