Transport and message security

The standards generally define two main ways of securing interactions: Secure Sockets Layer with Transport Level Security (SSL/TLS) and digital signatures. SSL/TLS is used in environments where both message confidentiality and integrity are required.

For SAML messaging, digital signatures are used to ensure the identity of both parties involved in the transaction and to validate that a message was received from a particular partner. With PingFederate®, you can also choose to encrypt SAML 2.0 messages, including SAML metadata files, as well as WS-Trust STS assertions to achieve increased privacy. For more information, refer to Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0 (docs.oasis-open.org/security/saml/v2.0/saml-sec-consider-2.0-os.pdf).

Tags Capability > User Provisioning; Capability > Single Sign On; Hosting Environment > On-Premises; Product > PingFederate > PingFederate 8.4; Product > PingFederate; Task Type > Deployment