Channel: Claims based access platform (CBA), code-named Geneva forum

ADFS 2.0 - Inaccurate "Unexpected signing algorithm" message in Event Logs

I may have uncovered a minor bug in ADFS 2.0...
When my config in ADFS for a Relying Party's Secure hash algorithm is set to SHA-256, but the Relying Party sends me a signed LogoutRequest using RSA-SHA1, ADFS reports an error to the user, and then the following Event Log message is written:
SAML request is not signed with expected signature algorithm. SAML request is signed with signature algorithm http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 . Expected signature algorithm is http://www.w3.org/2000/09/xmldsig#rsa-sha1 
User Action: 
Verify that signature algorithm for the partner is configured as expected.
The message is actually backwards... Expected should be "SHA256", while 'signed with signature algorithm' should be rsa-sha1.
Bug?  Or am I cross-eyed? :)
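
To establish which algorithm a partner's request was actually signed with, independently of the event text, the value can be read from the request itself. The following is an added example, not part of the original post and not ADFS code; the sample messages, host name and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

DS = "{http://www.w3.org/2000/09/xmldsig#}"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed samples: a POST-binding LogoutRequest and an HTTP-Redirect URL.
SAMPLE_POST = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed" Version="2.0">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
</samlp:LogoutRequest>"""
SAMPLE_REDIRECT = (
    "https://sts.example.test/adfs/ls/?SAMLRequest=constructed"
    "&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=constructed"
)

def actual_sig_alg(message):
    """Return the signature algorithm URI a SAML message declares.

    Accepts decoded POST-binding XML (ds:SignatureMethod) or an HTTP-Redirect
    URL (SigAlg query parameter). Returns None when no signature is present.
    """
    if message.lstrip().startswith("<"):
        # The stdlib parser is enough for the constructed sample; use a
        # hardened parser such as defusedxml on captured traffic.
        root = ET.fromstring(message)
        # Only a Signature that is a direct child signs the request itself.
        node = root.find(f"{DS}Signature/{DS}SignedInfo/{DS}SignatureMethod")
        return node.get("Algorithm") if node is not None else None
    values = parse_qs(urlsplit(message).query).get("SigAlg")
    return values[0] if values else None

def check(message, expected):
    """Compare the declared algorithm with the one configured for the partner."""
    actual = actual_sig_alg(message)
    if actual is None:
        return (False, "request is not signed")
    if actual != expected:
        return (False, f"signed with {actual}; expected {expected}")
    return (True, f"signed with expected algorithm {actual}")

if __name__ == "__main__":
    print(check(SAMPLE_POST, RSA_SHA256))
```
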
