For SAML 2.0, you can configure federation security services to encrypt an entire assertion, the NameID, or other attributes. If you enable encryption, the asserting party encrypts the data with the certificate (public key) that the relying party supplied. Before any transaction, the relying party sends its certificate to the asserting party in an out-of-band exchange. The relying party then decrypts the data with the private key that matches that certificate.
Note: SAML 1.1 does not support encryption of assertion data.
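The exchange described above, as an added example that is not part of the original documentation and not CA's code: the relying party generates an RSA key pair and a self-signed certificate and hands only the certificate to the asserting party; the asserting party encrypts a constructed sample assertion with a fresh AES-256-GCM key and wraps that key under the certificate's public key with RSA-OAEP, the same hybrid structure that XML Encryption's EncryptedData/EncryptedKey pair uses; the relying party alone can unwrap the key with its private key. The hostnames, function names and the sample assertion are assumptions, and the result is an in-memory struct rather than the xenc XML serialization.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Constructed sample; a real assertion is a complete saml:Assertion element.
const sampleAssertion = `<saml:Assertion Version="2.0"><saml:Subject><saml:NameID>alice@example.org</saml:NameID></saml:Subject></saml:Assertion>`

// EncryptedAssertion holds what xenc:EncryptedData carries: the assertion under a one-time AES key, plus that key wrapped (xenc:EncryptedKey) for the relying party.
type EncryptedAssertion struct {
	EncryptedKey []byte // AES key wrapped with RSA-OAEP under the RP certificate's public key
	Nonce        []byte
	Ciphertext   []byte
}

// NewRelyingPartyKeyPair makes the RP's private key and a self-signed certificate holding
// the matching public key; only the certificate is handed to the asserting party.
func NewRelyingPartyKeyPair(name string) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, NotBefore: now, NotAfter: now.Add(365 * 24 * time.Hour), KeyUsage: x509.KeyUsageKeyEncipherment}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// newGCM builds the AES-256-GCM cipher that protects the assertion body.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptAssertion is the asserting party's step and needs only the RP certificate: a
// fresh AES key encrypts the assertion and RSA-OAEP wraps that key for the RP.
func EncryptAssertion(rpCert *x509.Certificate, assertion []byte) (*EncryptedAssertion, error) {
	pub, ok := rpCert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return nil, fmt.Errorf("relying party certificate does not carry an RSA key")
	}
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedAssertion{EncryptedKey: wrapped, Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, assertion, nil)}, nil
}

// DecryptAssertion is the relying party's step: unwrap the data key with the private key,
// then open the assertion. Any other private key fails at the unwrap.
func DecryptAssertion(rpPriv *rsa.PrivateKey, ea *EncryptedAssertion) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rpPriv, ea.EncryptedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap data key: %w", err)
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, ea.Nonce, ea.Ciphertext, nil)
}

func main() {
	rpPriv, rpCert, err := NewRelyingPartyKeyPair("sp.example.org")
	if err != nil {
		panic(err)
	}
	ea, err := EncryptAssertion(rpCert, []byte(sampleAssertion))
	if err != nil {
		panic(err)
	}
	pt, err := DecryptAssertion(rpPriv, ea)
	fmt.Println(string(pt), err)
}
```

Run it with `go run`. The check worth keeping in mind from this split of roles: decryption with any private key other than the one behind the exchanged certificate fails at the RSA-OAEP unwrap, so the asserting party never needs, and should never hold, the relying party's private key, and after a certificate rotation on the relying party the asserting party must be given the new certificate or every assertion it encrypts becomes unreadable.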
Copyright © 2012 CA.
All rights reserved.