As of June 2023, Axero has updated its security requirements for all SAML transactions. To ensure the highest level of security, the SHA-256 hashing algorithm is now required for newer versions of our software. This change addresses vulnerabilities in the older SHA-1 algorithm, significantly enhancing the security of your single sign-on (SSO) integrations.
If you're using SSO now or plan to do so in the future, follow the steps below to ensure a smooth upgrade.
Audit Your SSO Configuration
Verify Current Configuration: First, check if your SSO configuration already uses SHA-256. If it does, no further action is necessary.
Upgrade Necessity: If your SSO still uses SHA-1, an upgrade to SHA-256 is necessary.
Consult Your SSO Provider
Contact your SSO provider for instructions on upgrading to SHA-256. Providers often have specific tools or instructions to aid in this process. Common providers include:
Active Directory Federation Services (AD FS)
Azure Active Directory/Entra ID
Okta
OneLogin
Update Your Axero Configuration
After transitioning your SSO to SHA-256, it's important to update your Axero settings to align with this change. This usually requires updating your Partner Identity Certificate and, if needed, your Service Provider Certificate.
Go to Control Panel > System > Single Sign On.
If you are using a Service Provider Certificate (PFX) for Single Logout:
Upload your new identity provider certificate in CER format.
Go to System > Advanced System Utilities and click Restart Site to apply your updates.
Test Your SSO Integration
Successful logins (not just activity) indicate a correct SHA-256 setup.
Failure to Update: SSO users may lose access if your site upgrades to a version released after June 2023 without transitioning to SHA-256. The Exception Logs will note errors due to unsupported SHA-1 algorithms. Should this happen:
Follow the above steps to upgrade to SHA-256.
If the site admin is locked out due to SSO restrictions, contact our support team by submitting a Private Case. We can provide temporary access to resolve the issue.
For further assistance, don't hesitate to contact our support team.
is requesting access to a wiki that you have locked: https://my.axerosolutions.com/spaces/5/communifire-documentation/wiki/view/96773/sha-256-for-enhanced-sso-security?locale=en-US%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f1%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525253fact%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525253d1%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252f%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525253fSpaceID%25252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525252525253d5
Your session has expired. You are being logged out.