

Enable Encryption in the Policy Server User Interface at the IdP

To enable encryption at the IdP

  1. Log on to the FSS Administrative UI.
  2. From the Service Provider Properties dialog, select the Encryption tab.
  3. Select Encrypt Assertion.
  4. Accept the defaults for the Encryption Block Algorithm and the Encryption Key Algorithm.
  5. In the Issuer DN field, enter the issuer of the Service Provider public key. In this deployment, the public key is sp-encrypt.crt and the issuer DN is:

    CN=Doc Certificate Authority, OU=Doc, O=CA.COM

    Note: The value you enter for the Issuer DN field should match the issuer DN of the certificate in the smkeydatabase. We recommend that you open a command window and enter the command smkeytool -listCerts to list the certificates. View the DN to verify that you enter a matching value.

  6. In the Serial Number field, enter the serial number of the public key that resides in the smkeydatabase of the Identity Provider. In this deployment, the value is 00EFF6AFB49925C3F4.

    The number must be hexadecimal.

  7. Click OK to save your changes.
  8. Decrypt an Encrypted Assertion at the SP.
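
The cross-check that the note in step 5 recommends can be scripted when the certificate details are also available from a second certificate viewer. The following Python helper is an added example, not part of the product or its documentation; it compares the Issuer DN and Serial Number from this page against the same fields as another tool might print them, tolerating reversed RDN order, colon separators, and a dropped leading 00. The tool-output strings are constructed samples and the function names are hypothetical.

```python
import re

def normalize_serial(text):
    """Return a serial as uppercase hex without separators or leading zeros."""
    digits = re.sub(r"[\s:]", "", text)
    if digits.lower().startswith("0x"):
        digits = digits[2:]
    if not re.fullmatch(r"[0-9A-Fa-f]+", digits):
        raise ValueError(f"not a hexadecimal serial number: {text!r}")
    return digits.upper().lstrip("0") or "0"

def parse_dn(dn):
    """Split a DN on unescaped commas into a list of (TYPE, value) pairs."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().upper(), value.strip()))
    return rdns

def same_issuer(a, b):
    """True when both DNs hold the same RDNs, in the same or reversed order."""
    pa, pb = parse_dn(a), parse_dn(b)
    return pa == pb or pa == pb[::-1]

def check_entry(ui_dn, ui_serial, cert_dn, cert_serial):
    """Return mismatch messages; an empty list means the values agree."""
    problems = []
    if not same_issuer(ui_dn, cert_dn):
        problems.append("Issuer DN differs from the certificate issuer")
    if normalize_serial(ui_serial) != normalize_serial(cert_serial):
        problems.append("Serial Number differs from the certificate serial")
    return problems

# Values from this page (to be entered on the Encryption tab).
UI_DN = "CN=Doc Certificate Authority, OU=Doc, O=CA.COM"
UI_SERIAL = "00EFF6AFB49925C3F4"
# Constructed sample: the same certificate as another tool might print it.
TOOL_DN = "O = CA.COM, OU = Doc, CN = Doc Certificate Authority"
TOOL_SERIAL = "ef:f6:af:b4:99:25:c3:f4"

if __name__ == "__main__":
    print(check_entry(UI_DN, UI_SERIAL, TOOL_DN, TOOL_SERIAL) or "values agree")
```

An empty result only shows that both sources describe the same certificate; enter the values in the form that smkeytool -listCerts displays them.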