Encryption

PingFederate supports the optional SAML 2.0 specification allowing for encryption of assertions, including security token service (STS) SAML tokens, which further enhances confidentiality when required.

For SAML 2.0 single sign-on (SSO) connections, you can choose to encrypt entire assertions or individual user attributes, including the user’s name identifier. You can use signature verification and signing keys to encrypt and decrypt messages, respectively.