As of June 2023, Axero has updated its security requirements for all SAML transactions. To ensure the highest level of security, the use of the SHA-256 hashing algorithm is now required for newer versions of our software. This change addresses vulnerabilities in the older SHA-1 algorithm, significantly enhancing the security of your single sign-on (SSO) integrations.
If you're using SSO now or plan to do so in the future, follow the steps below to ensure a smooth upgrade.
Audit Your SSO Configuration
Begin by verifying if your SSO configuration already uses SHA-256. If it does, no further action is necessary.
If your SSO is still using SHA-1, an upgrade to SHA-256 is necessary.
Consult Your SSO Provider
Contact your SSO provider for instructions on upgrading to SHA-256. Providers often have specific tools or instructions to aid in this process. Common providers include:
Active Directory Federation Services (AD FS)
Azure Active Directory/Entra ID
Okta
OneLogin
Update Your Axero Configuration
After transitioning your SSO to SHA-256, it's important to update your Axero settings to align with this change. This usually requires updating both your Service Provider Certificate and, if needed, your Partner Identity Certificate.
Service Provider Certificate
Go to Control Panel > System > Single Sign On.
Under Service Provider Certificate (PFX), upload the new PFX certificate file.
Enter the certificate's password and click Update.
Partner Identity Certificate
If there's an update to your Partner Identity Certificate for SHA-256, upload the new certificate in PFX format.
Apply Changes
Go to System > Advanced System Utilities and click Restart Site to apply your updates.
Test Your SSO Integration
Failure to Update: SSO users may lose access if your site upgrades to a version released after June 2023 without transitioning to SHA-256. The Exception Logs will note errors due to unsupported SHA-1 algorithms. Should this happen:
Follow the above steps to upgrade to SHA-256.
If the site admin is locked out due to SSO restrictions, contact our support team by submitting a Private Case. We can provide temporary access to resolve the issue.
For further assistance, don't hesitate to contact our support team.
is requesting access to a wiki that you have locked: https://my.axerosolutions.com/spaces/5/communifire-documentation/wiki/view/96773/sha-256-for-enhanced-sso-security?locale=en-US%25252525252525252525252525252525252f1%25252525252525252525252525252525252f%25252525252525252525252525252525253fact%25252525252525252525252525252525253d1%25252525252525252525252525252525252f%25252525252525252525252525252525253fSpaceID%25252525252525252525252525252525253d5
Your session has expired. You are being logged out.