Page created: 12 Sep 2019 | Page updated: 19 Mar 2020

For SAML 2.0 configurations, in addition to using signed assertions to ensure authenticity, you and your partner may also agree to encrypt all or part of an assertion to improve privacy. If so, you can configure these settings on the Encryption Policy screen.

Note: For WS-Fed connections with SAML 2.0 assertions, you cannot encrypt the entire assertion.

Option | Name identifier (SAML_SUBJECT) | Other attributes | Encrypt the SAML_SUBJECT in SLO messages to the SP | Allow encryption in SLO messages from the SP |
---|---|---|---|---|
None | No encryption. | No encryption. | No encryption. | No encryption. |
The entire assertion | Encrypted. | Encrypted. | Available as an option. | Available as an option. |
One or more attributes | Available as an option. | Available as an option. | Available as an option only if you select to encrypt the name identifier (SAML_SUBJECT). | Available as an option only if you select to encrypt the name identifier (SAML_SUBJECT). |
- To continue, select the option (and any additional options) based on your partner agreement.
If you are editing an existing connection, you can reconfigure the XML encryption policy, which may require additional configuration changes in subsequent tasks.
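
As an added example (not part of the product documentation or the product's own code), the following Python check classifies a received SAML Response against the three options in the table above and lists anything the partner agreement says must be encrypted that arrived in the clear. The sample message, the function names `observed_policy` and `violations`, and the attribute name `department` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (not from a real IdP): a plaintext Assertion whose NameID
# and one attribute are encrypted; EncryptedData bodies are left empty.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <saml:Assertion ID="_constructed" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.com</saml:Issuer>
    <saml:Subject>
      <saml:EncryptedID><xenc:EncryptedData/></saml:EncryptedID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="department">
        <saml:AttributeValue>engineering</saml:AttributeValue>
      </saml:Attribute>
      <saml:EncryptedAttribute><xenc:EncryptedData/></saml:EncryptedAttribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def observed_policy(xml_text):
    """Report which table row a SAML Response matches and what is in the clear."""
    root = ET.fromstring(xml_text)
    report = {"option": "None", "name_id_encrypted": False,
              "encrypted_attributes": 0, "plaintext_attributes": []}
    if root.find(".//saml:EncryptedAssertion", NS) is not None:
        # Whole assertion is wrapped: subject and attributes are all hidden.
        report.update(option="The entire assertion", name_id_encrypted=True)
        return report
    report["name_id_encrypted"] = root.find(".//saml:Subject/saml:EncryptedID", NS) is not None
    report["encrypted_attributes"] = len(root.findall(".//saml:EncryptedAttribute", NS))
    report["plaintext_attributes"] = [a.get("Name") for a in root.findall(".//saml:Attribute", NS)]
    if report["name_id_encrypted"] or report["encrypted_attributes"]:
        report["option"] = "One or more attributes"
    return report

def violations(xml_text, must_encrypt):
    """Names in must_encrypt (attribute names or 'SAML_SUBJECT') found unencrypted."""
    seen = observed_policy(xml_text)
    clear = set(seen["plaintext_attributes"])
    if not seen["name_id_encrypted"]:
        clear.add("SAML_SUBJECT")
    return sorted(clear & set(must_encrypt))

if __name__ == "__main__":
    print(observed_policy(SAMPLE))
    print(violations(SAMPLE, {"SAML_SUBJECT", "department"}))
```

The check inspects structure only and does not validate signatures or decrypt anything; for messages from untrusted sources, parse with a hardened XML parser rather than the standard library one used here.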