Selecting a decryption key (SAML 2.0) - PingFederate - 10.3

To enable inbound encryption in PingFederate, you must select a certificate to use as the decryption key.

When you choose to encrypt the name identifier (SAML_SUBJECT) on Protocol Settings > Encryption Policy, you can also allow the service provider (SP) to encrypt the name identifier in its single logout (SLO) requests, if the SP-initiated single sign-on (SSO) profile is enabled for the connection. To enable this inbound encryption, you must specify at least one certificate on the Select Decryption Keys tab.

If decryption is not required, the Select Decryption Keys tab is not shown.

  1. Select the primary XML decryption key from the list.

    If you have not created or imported your certificate into PingFederate, click Manage Certificates. For more information, see Manage digital signing certificates and decryption keys.

  2. Optional: Select the secondary XML decryption key from the list.