Federation Security Services Guide › Deploying Federation without the FSS Sample Application › Add Functionality to the Federation Deployment › Encrypt and Decrypt the Assertion

Encrypt and Decrypt the Assertion

For added security, you can encrypt the assertion. Encryption is an optional task that can be performed after you have configured a basic single sign-on network.

The Identity Provider encrypts the assertion with the public key, which corresponds to the private key and certificate that the Service Provider uses to decrypt the assertion.

There are configuration tasks at the Identity Provider and Service Provider.

Required tasks at the IdP:

• Add a Public Key to SMkeydatabase at the IdP
• Enable Encryption in the Policy Server User Interface at the IdP

Required task at the SP:

• Decrypt an Encrypted Assertion at the SP