You can encrypt the Name ID in an assertion and/or the assertion itself. Encryption adds another level of protection when transmitting the assertion.
When you configure encryption, you must specify the partner certificate, which is included in the assertion. When the assertion arrives at the Service Provider, the Service Provider decrypts the encrypted data using the private key associated with that certificate.
Note: If encryption is enabled, the Policy Server's memory usage may increase substantially when the first federation call is made, because the Policy Server loads the encryption libraries and allocates additional memory.
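The following added example (not CA code and not part of the original page) shows how a Service Provider-side check can confirm that a response arrived with the Name ID and/or the assertion encrypted as configured. It assumes SAML 2.0 element names (EncryptedAssertion, EncryptedID, xenc:EncryptedData); the function names and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted input, prefer a hardened parser such as defusedxml

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}

def encryption_state(response_xml):
    """Report which parts of a SAML 2.0 Response arrived encrypted."""
    root = ET.fromstring(response_xml)
    clear = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    exposed = [a for a in clear if a.find("saml:Subject/saml:NameID", NS) is not None]
    enc_ids = [a for a in clear if a.find("saml:Subject/saml:EncryptedID", NS) is not None]
    methods = root.iterfind(".//xenc:EncryptedData/xenc:EncryptionMethod", NS)
    return {
        # One cleartext assertion next to an encrypted one still counts as unencrypted.
        "assertion_encrypted": bool(encrypted) and not clear,
        # A Name ID is protected inside an EncryptedAssertion or as an EncryptedID.
        "name_id_protected": bool(encrypted or enc_ids) and not exposed,
        "algorithms": sorted({m.get("Algorithm") for m in methods if m.get("Algorithm")}),
    }

def policy_violations(response_xml, require_assertion=False, require_name_id=False):
    """Return the reasons a response fails the expected encryption settings."""
    state = encryption_state(response_xml)
    problems = []
    if require_assertion and not state["assertion_encrypted"]:
        problems.append("assertion not encrypted")
    if require_name_id and not state["name_id_protected"]:
        problems.append("Name ID not encrypted")
    return problems

# Constructed samples, trimmed to the elements the check reads; the ciphertext is a placeholder.
ENC = ('<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">'
       '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>'
       '<xenc:CipherData><xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue></xenc:CipherData>'
       '</xenc:EncryptedData>')

def make_response(body):
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' + body + '</samlp:Response>')

CLEAR = make_response('<saml:Assertion><saml:Subject><saml:NameID>alice@example.test'
                      '</saml:NameID></saml:Subject></saml:Assertion>')
NAMEID_ONLY = make_response('<saml:Assertion><saml:Subject><saml:EncryptedID>' + ENC +
                            '</saml:EncryptedID></saml:Subject></saml:Assertion>')
WHOLE = make_response('<saml:EncryptedAssertion>' + ENC + '</saml:EncryptedAssertion>')

if __name__ == "__main__":
    for name, msg in (("clear", CLEAR), ("name-id-only", NAMEID_ONLY), ("whole", WHOLE)):
        print(name, policy_violations(msg, require_assertion=True, require_name_id=True))
```

The check only inspects structure; it does not decrypt anything or validate signatures, which remain the job of the federation software.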
Copyright © 2010 CA. All rights reserved.