Enable Encryption in the Policy Server User Interface at the IdP

To enable encryption at the IdP:

  1. Log on to the FSS Administrative UI.
  2. From the Service Provider Properties dialog, select the Encryption tab.
  3. Check the Encrypt Assertion check box.
  4. Accept the defaults for the Encryption Block Algorithm and the Encryption Key Algorithm.
  5. In the Issuer DN field, enter the DN of the issuer of the Service Provider's public key. In this deployment, the public key is sp-encrypt.crt.

    CN=Doc Certificate Authority, OU=Doc, O=CA.COM

    Note: The value you enter in the Issuer DN field should match the issuer DN of the certificate in the smkeydatabase. We recommend that you open a command window and enter the command smkeytool -listCerts to list the certificates, then check the DN shown there so that you enter a matching value.

  6. In the Serial Number field, enter the serial number of the public key that resides in the Identity Provider's smkeydatabase. In this deployment, the value is 00EFF6AFB49925C3F4.

    The number must be hexadecimal.

  7. Click OK to save your changes.
  8. Continue with Decrypt an Encrypted Assertion at the SP.
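
A pre-check for steps 5 and 6, as an added example that is not part of the original CA documentation: it compares the Issuer DN and Serial Number you plan to enter against values copied from a certificate listing. The function names and the colon-separated listing form are assumptions; the check compares the serial numerically and ignores only spacing and attribute-name case in the DN, so the product's own matching may be stricter.

```python
import re

def parse_hex_serial(text):
    """Parse a serial shown as hex (colons, spaces, 0x, leading zeros allowed) into an int."""
    s = re.sub(r"[\s:]", "", text)
    if s[:2].lower() == "0x":
        s = s[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", s):
        raise ValueError(f"not a hexadecimal serial number: {text!r}")
    return int(s, 16)

def parse_dn(dn):
    """Split a comma-separated DN into (TYPE, value) pairs, trimming spaces around ',' and '='."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {rdn!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def check_entry(ui_issuer, ui_serial, listed_issuer, listed_serial):
    """Return a list of problems; an empty list means both fields agree with the listing."""
    problems = []
    ui_dn, listed_dn = parse_dn(ui_issuer), parse_dn(listed_issuer)
    if ui_dn != listed_dn:
        if ui_dn == listed_dn[::-1]:
            problems.append("issuer DN components are in reverse order")
        else:
            problems.append("issuer DN differs from the listed certificate")
    listed = parse_hex_serial(listed_serial)
    try:
        entered = parse_hex_serial(ui_serial)
    except ValueError:
        problems.append("serial number is not hexadecimal")
        return problems
    if entered != listed:
        # A decimal rendering of the same serial is also valid hex text, so test for it explicitly.
        if ui_serial.strip().isdigit() and int(ui_serial) == listed:
            problems.append("serial number was entered in decimal, not hexadecimal")
        else:
            problems.append("serial number differs from the listed certificate")
    return problems

# Values from this page; the differently formatted "listing" strings are constructed sample input.
ISSUER = "CN=Doc Certificate Authority, OU=Doc, O=CA.COM"
SERIAL = "00EFF6AFB49925C3F4"
if __name__ == "__main__":
    print(check_entry(ISSUER, SERIAL, "cn=Doc Certificate Authority,OU=Doc,O=CA.COM", "ef:f6:af:b4:99:25:c3:f4"))
```

An empty list means the two fields refer to the same certificate as the listing; any message names the field to recheck before you click OK.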


Copyright © 2010 CA. All rights reserved.