Page created: 21 Jan 2020
|
Page updated: 15 Jul 2020
For browser-based single sign-on (SSO), if you choose to encrypt all or part of an SSO assertion on
, you must identify the certificate that PingFederate can use to do so.You must also select a certificate if your requirements include encrypting an assertion in response to an attribute query on
.For WS-Trust security token service (STS), this configuration is also required if you enabled the Generate Key for SAML Holder of Key Subject Confirmation Method or Encrypt SAML 2.0 Assertion option, or both, on .
If encryption is not required, the Select XML Encryption Certificate tab is not shown.