
Assertion Security with Digital Signatures and Encryption

Securing an assertion and encrypting data within the assertion are critical parts of partnership configuration. The Signature step (SAML 1.1) and the Signature and Encryption step (SAML 2.0) let you configure signing and encryption of assertions.

For SAML 2.0, you have the option of choosing a signing algorithm for signing tasks. The ability to choose an algorithm supports the following use cases:

When Federation Manager has to verify a signature, it automatically detects which algorithm is in use on the signed document and verifies the signature accordingly. Signature verification requires no configuration.
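Because verification follows whatever algorithm the signed document declares, it helps to know where that declaration lives when reviewing what a partner actually sends. The following is an added example, not Federation Manager code: it reads the standard XML-DSig `ds:SignatureMethod` and `ds:DigestMethod` URIs from a constructed SAML 2.0 response and lists the SHA-1 based ones per signed element. The function names, the sample message, and the choice of URIs to flag are assumptions of the example.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}
# URIs this example flags for review (an assumption, not a product setting).
SHA1_BASED = {DS + "rsa-sha1", DS + "dsa-sha1", DS + "sha1"}

# Constructed skeleton of a signed SAML 2.0 response; digest and signature
# values are omitted because only the algorithm declarations are read.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_r1">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_r1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1">
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
  </saml:Assertion>
</samlp:Response>"""

def declared_algorithms(xml_text):
    """One record per ds:Signature: enclosing element and declared URIs."""
    records = []
    for parent in ET.fromstring(xml_text).iter():
        for sig in parent.findall("ds:Signature", NS):
            method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
            digests = sig.findall("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
            records.append({
                "signed_element": parent.tag.split("}")[-1],
                "signature_method": None if method is None else method.get("Algorithm"),
                "digest_methods": [d.get("Algorithm") for d in digests],
            })
    return records

def sha1_findings(xml_text):
    """Return (signed element, sorted SHA-1 based URIs) for each signature."""
    findings = []
    for rec in declared_algorithms(xml_text):
        declared = [rec["signature_method"], *rec["digest_methods"]]
        findings.append((rec["signed_element"], sorted(a for a in declared if a in SHA1_BASED)))
    return findings

if __name__ == "__main__":
    for element, weak in sha1_findings(SAMPLE):
        print(element, "->", weak or "no SHA-1 based algorithms declared")
```

For messages received from a partner rather than a constructed sample, parse with a hardened XML parser such as `defusedxml` instead of plain `ElementTree`.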