The encryption feature specifies that the authentication scheme processes only an encrypted assertion or Name ID in the assertion.
For added security, the Identity Provider can encrypt the Name ID, user attributes, or the entire assertion. Encryption adds another level of protection when transmitting the assertion. When encryption is enabled at the Identity Provider, the certificate (public key) is used to encrypt the data. When the assertion arrives at the Service Provider, it decrypts the encrypted data with the associated private key.
When you configure encryption at the Session Provider, the assertion must contain an encrypted Name ID or assertion or the Service Provider rejects the assertion.
|
Copyright © 2012 CA.
All rights reserved.
|
|