Ultimate SAML: SHA 256 Logout Request: ADFS SAML request is not signed with expected signature algorithm

0
Login is working with SHA 256. Service Provider initiated logout is having issues. SHA 1 is working correctly. The only change with the SHA 256 test is updating the ADFS Relying Party to use SHA256 and, in code, switching to signing with SHA 256. Using ComponentPro.Saml V 7.2.238.

Error from ADFS:

SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 . Expected signature algorithm is http://www.w3.org/2000/09/xmldsig#rsa-sha1
User Action: Verify that signature algorithm for the partner is configured as expected.

SAML Logout Request (pasted XML; the markup was lost in extraction, only the text values survived):

myNetLearning ny27iiavqQIWzQsFF3URKUWrWZRSd7aAwcOpIH29cbI= Pd7Q 5/gCRhXWVbPUQzyZS /kh57eCpK2kCqr439R53TWRtS5zE15FDsRAGyIVcOj2TyRxDBgC71HQYbO7jCfn4w4GxSRSCcrOyS7XKRze0/Th8/SzqGL8zI33z5E kmYuYAIbRBGGbr4mo/vMAnBuikHsmakNQyWEyGwBDiWFLvrQiNnXLI/U0uVKL/KGyM1DE6J20FG9 gonHxa4x3OFroaupmMhOMYg 9WnHhW0sbNY63Z jyOqZ3LETYctEvr FpFHYhYWo99ZTT9/zFKQ2zS 1tyu15aQbEQP95fplUZUPlHiqsFZuBq9PYT417r1ubHhxPdbFZMtrifvMpiA== nl tech support

Method to sign request:

```csharp
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Configuration;
using ComponentPro.Saml2;

public void RedirectToIdentityProvider(HttpContextBase context, ISsoConfiguration configuration, string returnUrl)
{
    // Build the SP-initiated LogoutRequest for the current user
    var logoutRequest = new LogoutRequest
    {
        Destination = configuration.IdentityProviderLogoutUrl,
        Issuer = new Issuer(WebConfigurationManager.AppSettings["RelyingPartyIdentifier"]),
        NameId = new NameId(context.User.Identity.Name)
    };

    // Signing certificate from the LocalMachine\My store, selected by subject name
    X509Certificate2 x509Certificate = CertificateManager.GetCertificate(
        StoreName.My,
        StoreLocation.LocalMachine,
        configuration.NlSigningCertificate.IsNullOrEmpty()
            ? WebConfigurationManager.AppSettings["CertificateSubjectName"]
            : configuration.NlSigningCertificate,
        true);

    if (configuration.SigningAlgorithm == Crypto.HashAlgorithmTypes.SHA256)
    {
        // Embedded XML signature: SHA-256 digest method, rsa-sha256 signature method
        logoutRequest.Sign(x509Certificate.PrivateKey,
            "http://www.w3.org/2001/04/xmlenc#sha256",
            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
    }
    else
    {
        // Library default signature algorithm
        logoutRequest.Sign(x509Certificate.PrivateKey);
    }

    // HTTP-Redirect binding: the private key is passed again here to sign the
    // query string (SigAlg/Signature parameters); no algorithm is passed on this call
    logoutRequest.Redirect(context.Response,
        getIdentityProviderUrl(configuration.IdentityProviderLogoutUrl),
        null,
        x509Certificate.PrivateKey);
}
```
edited 1/22/2021 1:46:13 PM
asked 1/22/2021 1:43:49 PM
add a comment

1 Answer

0
I suspect that somehow your IdP partner is configured to use rsa-sha1. You can check on the partner first whether it uses rsa-sha256 for the logout method or not.
 
answered 2/7/2021 12:12:09 AM
add a comment
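The following is an added example and is not code from the post or from ComponentPro. It models both halves of the exchange the question and the answer are about: the SP side of the SAML 2.0 HTTP-Redirect binding (the path the Redirect call in the question takes, where the request is DEFLATEd, base64-encoded and signed as a detached signature carried in the SigAlg and Signature query parameters; a <ds:Signature> inside the compressed XML is not what the receiver checks on this binding) and the IdP side, which compares SigAlg with the algorithm configured for the partner before verifying anything, the same check that produced the ADFS message above and that the answer suggests confirming on the partner. The function names, the sample LogoutRequest, the example.test hosts and the in-process RSA key are all assumptions made for the demo.

```go
package main

import (
	"bytes"
	"compress/flate"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	_ "crypto/sha1"   // registers crypto.SHA1
	_ "crypto/sha256" // registers crypto.SHA256
	"encoding/base64"
	"errors"
	"fmt"
	"io"
	"net/url"
	"strings"
)

// Signature algorithm URIs as carried in the SigAlg query parameter (the two named in the ADFS error).
const RSASHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
const RSASHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

var ErrSigAlgMismatch = errors.New("SAML request is not signed with expected signature algorithm")

// SampleLogoutRequest is a constructed LogoutRequest for this demo; none of its values come from the post.
const SampleLogoutRequest = `<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ` +
	`ID="_example-id" Version="2.0" IssueInstant="2021-01-22T13:43:49Z" Destination="https://adfs.example.test/adfs/ls/">` +
	`<saml:Issuer>https://sp.example.test/</saml:Issuer><saml:NameID>user@example.test</saml:NameID></samlp:LogoutRequest>`

// digest hashes data with the hash the SigAlg URI names; both URIs mean RSA PKCS#1 v1.5.
func digest(sigAlg string, data []byte) (crypto.Hash, []byte, error) {
	h, ok := map[string]crypto.Hash{RSASHA1: crypto.SHA1, RSASHA256: crypto.SHA256}[sigAlg]
	if !ok {
		return 0, nil, fmt.Errorf("unsupported SigAlg %q", sigAlg)
	}
	hh := h.New()
	hh.Write(data)
	return h, hh.Sum(nil), nil
}

// SignRedirect is the SP side of the HTTP-Redirect binding: DEFLATE + base64 the XML, then sign the
// URL-encoded "SAMLRequest=...&SigAlg=..." string; the receiver checks this detached signature.
func SignRedirect(key *rsa.PrivateKey, xml, sigAlg string) (string, error) {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.DefaultCompression) // errors only on an invalid level
	w.Write([]byte(xml))
	w.Close()
	toSign := "SAMLRequest=" + url.QueryEscape(base64.StdEncoding.EncodeToString(buf.Bytes())) +
		"&SigAlg=" + url.QueryEscape(sigAlg)
	h, d, err := digest(sigAlg, []byte(toSign))
	if err != nil {
		return "", err
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, h, d)
	if err != nil {
		return "", err
	}
	return toSign + "&Signature=" + url.QueryEscape(base64.StdEncoding.EncodeToString(sig)), nil
}

// VerifyRedirect is the IdP side: compare SigAlg with the algorithm configured for the partner first
// (the check behind the ADFS message), then verify the signature over the parameters exactly as received.
func VerifyRedirect(pub *rsa.PublicKey, rawQuery, expectedSigAlg string) (string, error) {
	raw := map[string]string{} // values stay URL-encoded: that is the form that was signed
	for _, kv := range strings.Split(rawQuery, "&") {
		if p := strings.SplitN(kv, "=", 2); len(p) == 2 {
			raw[p[0]] = p[1]
		}
	}
	sigAlg, _ := url.QueryUnescape(raw["SigAlg"]) // a malformed value decodes to "" and mismatches
	if sigAlg != expectedSigAlg {
		return "", fmt.Errorf("%w: signed with %q, expected %q", ErrSigAlgMismatch, sigAlg, expectedSigAlg)
	}
	h, d, err := digest(sigAlg, []byte("SAMLRequest="+raw["SAMLRequest"]+"&SigAlg="+raw["SigAlg"]))
	if err != nil {
		return "", err
	}
	sigB64, _ := url.QueryUnescape(raw["Signature"])
	sig, _ := base64.StdEncoding.DecodeString(sigB64) // a malformed signature simply fails verification
	if err := rsa.VerifyPKCS1v15(pub, h, d, sig); err != nil {
		return "", fmt.Errorf("signature check failed: %w", err)
	}
	enc, _ := url.QueryUnescape(raw["SAMLRequest"]) // already covered by the signature just verified
	deflated, _ := base64.StdEncoding.DecodeString(enc)
	xml, err := io.ReadAll(flate.NewReader(bytes.NewReader(deflated)))
	if err != nil {
		return "", err
	}
	return string(xml), nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	q, _ := SignRedirect(key, SampleLogoutRequest, RSASHA256)
	_, err := VerifyRedirect(&key.PublicKey, q, RSASHA1) // partner trust still on rsa-sha1
	fmt.Println("partner expects rsa-sha1:", err)
	xml, err := VerifyRedirect(&key.PublicKey, q, RSASHA256) // partner trust on rsa-sha256
	fmt.Println("partner expects rsa-sha256:", err, len(xml) > 0)
}
```

Running it with `go run` signs one request with rsa-sha256 and presents it to a verifier configured for rsa-sha1 and then for rsa-sha256: the first attempt is rejected on the SigAlg comparison alone, before any cryptography runs, while the second verifies and recovers the XML. Checking the configured algorithm first, rather than accepting whatever SigAlg the sender names, is what stops a partner trust configured for SHA-256 from silently accepting a SHA-1 signed request, which is why both ends have to agree on the algorithm for the logout to succeed.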
