Enforce Assertion Encryption Requirements for Single Sign-on

The encryption feature ensures that the authentication scheme processes an assertion only when the assertion, the Name ID in the assertion, or both are encrypted.

For added security, the Identity Provider may encrypt the Name ID, user attributes, and/or the entire assertion. Encryption adds another level of protection when the assertion is transmitted. When encryption is enabled at the Identity Provider, the public key is used to encrypt the data. When the assertion arrives at the Service Provider, the Service Provider decrypts the encrypted data with the associated private key.

When you configure encryption at the Service Provider, the Name ID and/or the assertion must be encrypted, or the Service Provider will not accept the assertion.
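
The acceptance rule described above, sketched as an added example (not CA's code or the product's implementation): a structural check on a SAML 2.0 Response before decryption. The function name, the policy flags and the sample responses are assumptions constructed for illustration; a Name ID inside an encrypted assertion can only be checked after decryption, so that case is not covered here.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_encryption(response_xml, require_assertion=False, require_name_id=False):
    """Return the list of policy violations; an empty list means accept."""
    # Constructed input only; parse untrusted XML with a hardened parser (e.g. defusedxml).
    root = ET.fromstring(response_xml)
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    problems = []
    if not plain and not encrypted:
        problems.append("response carries no assertion")
    if require_assertion and plain:
        problems.append("assertion is not encrypted")
    if require_name_id:
        # Only plaintext assertions expose their Subject before decryption.
        for assertion in plain:
            subject = assertion.find("saml:Subject", NS)
            has_enc_id = subject is not None and subject.find("saml:EncryptedID", NS) is not None
            has_plain_id = subject is not None and subject.find("saml:NameID", NS) is not None
            if has_plain_id or not has_enc_id:
                problems.append("Name ID is not encrypted")
    return problems

def _response(body):
    """Wrap a body fragment in a Response element with the namespaces declared."""
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">' + body + '</samlp:Response>')

# Constructed samples; the xenc:EncryptedData elements are empty placeholders.
PLAINTEXT = _response('<saml:Assertion><saml:Subject><saml:NameID>alice@example.com'
                      '</saml:NameID></saml:Subject></saml:Assertion>')
ENCRYPTED_ID = _response('<saml:Assertion><saml:Subject><saml:EncryptedID>'
                         '<xenc:EncryptedData/></saml:EncryptedID></saml:Subject></saml:Assertion>')
ENCRYPTED_ASSERTION = _response('<saml:EncryptedAssertion><xenc:EncryptedData/>'
                                '</saml:EncryptedAssertion>')

if __name__ == "__main__":
    for name, doc in [("plaintext", PLAINTEXT), ("encrypted Name ID", ENCRYPTED_ID),
                      ("encrypted assertion", ENCRYPTED_ASSERTION)]:
        for policy in ({"require_name_id": True}, {"require_assertion": True}):
            problems = check_encryption(doc, **policy)
            print(name, policy, "ACCEPT" if not problems else "REJECT: " + "; ".join(problems))
```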


Copyright © 2010 CA. All rights reserved.