Skip to content

Correct fingerprint algorithm to SHA1 #1607

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Correct fingerprint algorithm to SHA1 #1607

wants to merge 3 commits into from

Conversation

iinuwa
Copy link

@iinuwa iinuwa commented Jun 7, 2025

Entra uses SHA-1 fingerprints throughout the product (in the Portal, CLI, etc.). If you try to use a SHA256 fingerprint in x5t for the client assertion, an error is thrown. Changing it to SHA-1 works.

Furthermore, the JWT specification states that x5t is explicitly a SHA-1 value, and that x5t#S256 is a SHA-256 value.

I think this is a typo and should be fixed.

@prmerger-automator PRMerger Automator
Copy link
Contributor

@iinuwa : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@prmerger-automator prmerger-automator bot requested a review from nickludwig June 7, 2025 21:33
@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit ddbf303:

✅ Validation status: passed

File Status Preview URL Details
docs/identity-platform/certificate-credentials.md ✅Succeeded

For more details, please refer to the build report.

@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 3891c3b:

✅ Validation status: passed

File Status Preview URL Details
docs/identity-platform/certificate-credentials.md ✅Succeeded

For more details, please refer to the build report.

@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit c700223:

✅ Validation status: passed

File Status Preview URL Details
docs/identity-platform/certificate-credentials.md ✅Succeeded

For more details, please refer to the build report.

@v-regandowner
Copy link
Contributor

@OwenRichards1 - Can you review the proposed changes?

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@iinuwa
Copy link
Author

iinuwa commented Jun 17, 2025

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

Is this note for me or MSFT?

@v-regandowner
Copy link
Contributor

IMPORTANT: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

Is this note for me or MSFT?

This is a note for @OwenRichards1.

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@OwenRichards1 OwenRichards1 Awaiting requested review from OwenRichards1

@jmprieur jmprieur Awaiting requested review from jmprieur

@nickludwig nickludwig Awaiting requested review from nickludwig

Assignees

@OwenRichards1 OwenRichards1

Labels
aq-pr-triaged Change sent to author do-not-merge identity-platform/svc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@iinuwa @v-regandowner @OwenRichards1