3.5.1 Setting Options

Go to Identity Servers > Servers > Edit > SAML 2.0 > Service Provider > Options and set up the following options for a service provider:

  • SAML2 SIGN METHODDIGEST SHA256: By default, this option is enabled. Assertions use SHA-256 as the hashing algorithm for the service provider. You can disable this option by selecting false.

  • SAML2 POST SIGN RESPONSE TRUSTEDPROVIDERS: Select true to have the identity provider sign the entire SAML 2.0 response for the service provider.

  • SAML2 AVOID AUDIENCE RESTRICTION: Select true to avoid sending the audience restriction information with the assertion to this service provider.

  • IS SAML2 POST SIGN RESPONSE: Select true to enable the identity provider to send signed SAML 2.0 post responses to all its trusted providers.

    NOTE: Configuring IS SAML2 POST SIGN RESPONSE is the same as configuring the SignPost in web.xml. However, configuring it through the Administration Console is recommended because it provides more options. You can combine these options with IS SAML2 POST SIGN RESPONSE to avoid Access Manager restarts.
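
To confirm what these options actually changed on the wire, you can inspect a decoded SAML 2.0 response captured at the service provider. The following is an added example, not Access Manager code: it reports whether the response itself carries a signature, which digest algorithms the signatures declare, and whether each assertion has an audience restriction. The function names, the `_sample` helper, and the `sp.example.com` audience are constructed for illustration, and the script inspects structure only without verifying signatures.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
SHA256_DIGEST = "http://www.w3.org/2001/04/xmlenc#sha256"
SHA1_DIGEST = "http://www.w3.org/2000/09/xmldsig#sha1"

def _digests(sig):
    """Digest algorithm URIs declared by one ds:Signature element."""
    return [d.get("Algorithm")
            for d in sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)]

def audit_response(xml_text):
    """Structural audit of a decoded SAML Response; no cryptographic verification."""
    # For responses you captured yourself; use a hardened parser for untrusted XML.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    resp_sig = root.find("ds:Signature", NS)  # direct child = response-level signature
    report = {"response_signed": resp_sig is not None, "digests": set(), "assertions": []}
    if resp_sig is not None:
        report["digests"].update(_digests(resp_sig))
    for a in root.findall("saml:Assertion", NS):
        sig = a.find("ds:Signature", NS)
        if sig is not None:
            report["digests"].update(_digests(sig))
        audiences = [e.text for e in a.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
        report["assertions"].append(
            {"id": a.get("ID"), "signed": sig is not None, "audiences": audiences})
    report["all_sha256"] = report["digests"] == {SHA256_DIGEST}
    return report

def _sample(sign_response, digest, audience):
    """Constructed minimal Response (Issuer, Status, and signature values omitted)."""
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#x">'
           '<ds:DigestMethod Algorithm="%s"/></ds:Reference></ds:SignedInfo>'
           '</ds:Signature>' % digest)
    aud = ('<saml:AudienceRestriction><saml:Audience>%s</saml:Audience>'
           '</saml:AudienceRestriction>' % audience) if audience else ""
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="r1">%s'
            '<saml:Assertion ID="a1">%s<saml:Conditions>%s</saml:Conditions>'
            '</saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], NS["ds"], sig if sign_response else "", sig, aud))

if __name__ == "__main__":
    print(audit_response(_sample(True, SHA256_DIGEST, "https://sp.example.com/metadata")))
```

In the report, `response_signed` reflects the two POST SIGN RESPONSE options, `all_sha256` reflects SAML2 SIGN METHODDIGEST SHA256, and an empty `audiences` list is what a service provider sees when SAML2 AVOID AUDIENCE RESTRICTION is set to true.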