Selecting a decryption key (SAML 2.0) - PingFederate

Page created: 12 Sep 2019 |

Page updated: 19 Mar 2020

| 1 min read

PingFederate 10.0 Product Configuration User task Single Sign-on (SSO) Capability Software Deployment Method Product documentation Content Type Administrator Audience SAML Standards, specifications, and protocols

When you chose to encrypt the name identifier (SAML_SUBJECT) on the Protocol Settings > Encryption Policy screen, you also have the option to allow the SP to encrypt the name identifier in its SLO requests (if the SP-initiated SSO profile is enabled for the connection). To enable this inbound encryption, you must specify at least one certificate on the Select Decryption Keys screen.

If decryption is not required, the Select Decryption Keys screen is not shown.

Select the primary XML decryption key from the list.

If you have not yet created or imported your certificate into PingFederate, click Manage Certificates (see Managing digital signing certificates and decryption keys).
Optional: Select the secondary XML decryption key from the list.

Selecting a decryption key (SAML 2.0) - PingFederate - 10.0

PingFederate Server