When you chose to encrypt the name identifier (SAML_SUBJECT) on the Protocol Settings > Encryption Policy screen, you also have the option to allow the SP to encrypt the name identifier in its SLO requests (if the SP-initiated SSO profile is enabled for the connection). To enable this inbound encryption, you must specify at least one certificate on the Select Decryption Keys screen.

If decryption is not required, the Select Decryption Keys screen is not shown.

  1. Select the primary XML decryption key from the list.

    If you have not yet created or imported your certificate into PingFederate, click Manage Certificates (see Managing digital signing certificates and decryption keys).

  2. Optional: Select the secondary XML decryption key from the list.