---
title: Configuring XML encryption policy (SAML 2.0)
description: For SAML 2.0 configurations, in addition to using signed assertions to ensure authenticity, you and your partner can also agree to encrypt all or part of an assertion to improve privacy. If so, you can configure these settings on the Encryption Policy tab.
component: pingfederate
version: 13.1
page_id: pingfederate:administrators_reference_guide:help_spprotocolsettingstasklet_selectspxmlassertionencryptionstate
canonical_url: https://docs.pingidentity.com/pingfederate/13.1/administrators_reference_guide/help_spprotocolsettingstasklet_selectspxmlassertionencryptionstate.html
llms_txt: https://docs.pingidentity.com/pingfederate/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: July 5, 2022
section_ids:
  before-you-begin: Before you begin
  about-this-task: About this task
  steps: Steps
  result: Result
---

# Configuring XML encryption policy (SAML 2.0)

For SAML 2.0 configurations, in addition to using signed assertions to ensure authenticity, you and your partner can also agree to encrypt all or part of an assertion to improve privacy. If so, you can configure these settings on the **Encryption Policy** tab.

## Before you begin

For prerequisites and initial steps for configuring Browser SSO protocols, see [Configuring protocol settings](help_spbrowserssotasklet_spprotocolsettingsstate.html).

## About this task

|   |                                                                                           |
| - | ----------------------------------------------------------------------------------------- |
|   | For WS-Fed connections with SAML 2.0 assertions, you cannot encrypt the entire assertion. |

| Option                 | Name identifier (SAML\_SUBJECT) | Other attributes        | Encrypt the SAML\_SUBJECT in SLO messages to the SP                                       | Allow encryption in SLO messages from the SP                                              |
| ---------------------- | ------------------------------- | ----------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- |
| None                   | No encryption.                  | No encryption.          | No encryption.                                                                            | No encryption.                                                                            |
| The entire assertion   | Encrypted.                      | Encrypted.              | Available as an option.                                                                   | Available as an option.                                                                   |
| One or more attributes | Available as an option.         | Available as an option. | Available as an option only if you select to encrypt the name identifier (SAML\_SUBJECT). | Available as an option only if you select to encrypt the name identifier (SAML\_SUBJECT). |

## Steps

1. Select the options based on your partner agreement.

2. Click **Next** to save changes.

## Result

If you are editing an existing connection, you can reconfigure the XML encryption policy, which might require additional configuration changes in subsequent tasks.