For browser-based single sign-on (SSO), if you choose to encrypt all or part of an SSO assertion on PingFederate can use to do so.
, you must identify the certificate thatYou must also select a certificate if your requirements include encrypting an assertion in response to an attribute query on
.For WS-Trust security token service (STS), this configuration is also required if you enabled the Generate Key for SAML Holder of Key Subject Confirmation Method or Encrypt SAML 2.0 Assertion option, or both, on .
If encryption is not required, the Select XML Encryption Certificate tab is not shown.