
Encryption and Decryption Operations

For SAML 2.0, you can configure Federation Manager to encrypt an entire assertion, the NameID, or other attributes. If you enable encryption, the asserting party encrypts the data with the public key from the certificate that the relying party supplies. The relying party sends this certificate to the asserting party in an out-of-band exchange before any transaction takes place. The relying party then uses its private key/certificate pair to decrypt the data.

Note: SAML 1.1 does not support encryption of assertion data.
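To confirm that the configured encryption scope is what actually appears in a message, a captured SAML 2.0 response can be checked for the plaintext and encrypted forms of each element. The following is an added example, not Federation Manager code; it relies on the standard SAML 2.0 element names (`EncryptedAssertion`, `EncryptedID`, `EncryptedAttribute`), and the function names and sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Plaintext SAML 2.0 element -> the element that carries its encrypted form.
PAIRS = {
    "Assertion": "EncryptedAssertion",
    "NameID": "EncryptedID",
    "Attribute": "EncryptedAttribute",
}

def encryption_report(xml_text):
    """Count plaintext and encrypted occurrences of each element kind."""
    root = ET.fromstring(xml_text)
    return {
        plain: {
            "plain": len(list(root.iter(f"{{{SAML}}}{plain}"))),
            "encrypted": len(list(root.iter(f"{{{SAML}}}{enc}"))),
        }
        for plain, enc in PAIRS.items()
    }

def violations(xml_text, required):
    """Return the element kinds in `required` that are visible in plaintext.

    If the whole assertion is encrypted, its NameID and attributes are not
    visible at all, so they correctly count as zero plaintext occurrences.
    """
    report = encryption_report(xml_text)
    return [tag for tag in required if report[tag]["plain"] > 0]

# Constructed sample: NameID encrypted, one attribute left in plaintext.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <saml:Assertion ID="_constructed" Version="2.0">
    <saml:Subject>
      <saml:EncryptedID><xenc:EncryptedData/></saml:EncryptedID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="department">
        <saml:AttributeValue>finance</saml:AttributeValue>
      </saml:Attribute>
      <saml:EncryptedAttribute><xenc:EncryptedData/></saml:EncryptedAttribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(violations(SAMPLE, ["NameID", "Attribute"]))
```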