Configuring XML encryption policy (SAML 2.0) - PingFederate - 11.2

For SAML 2.0 configurations, in addition to using signed assertions to ensure authenticity, you and your partner can also agree to encrypt all or part of an assertion to improve privacy. If so, you can configure these settings on the Encryption Policy tab.

For prerequisites and initial steps for configuring Browser SSO protocols, see Configuring protocol settings.

Note: For WS-Fed connections with SAML 2.0 assertions, you cannot encrypt the entire assertion.

| Option | Name identifier (SAML_SUBJECT) | Other attributes | Encrypt the SAML_SUBJECT in SLO messages to the SP | Allow encryption in SLO messages from the SP |
|---|---|---|---|---|
| None | No encryption. | No encryption. | No encryption. | No encryption. |
| The entire assertion | Encrypted. | Encrypted. | Available as an option. | Available as an option. |
| One or more attributes | Available as an option. | Available as an option. | Available as an option only if you select to encrypt the name identifier (SAML_SUBJECT). | Available as an option only if you select to encrypt the name identifier (SAML_SUBJECT). |

  1. Select the options based on your partner agreement.
  2. Click Next to save changes.

If you are editing an existing connection, you can reconfigure the XML encryption policy, which might require additional configuration changes in subsequent tasks.
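
To confirm that messages on the wire match the option agreed with the partner, the following added example (not PingFederate code) inspects a SAML 2.0 Response for the standard `EncryptedAssertion`, `EncryptedID` and `EncryptedAttribute` elements and reports which row of the table it reflects. The function name `classify` and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC = "http://www.w3.org/2001/04/xmlenc#"

def q(tag):
    """Qualify a tag name with the SAML 2.0 assertion namespace."""
    return "{%s}%s" % (NS, tag)

def classify(response_xml):
    """Report which encryption policy option a SAML 2.0 Response reflects."""
    root = ET.fromstring(response_xml)
    clear_assertion = root.find(q("Assertion")) is not None
    # Whole-assertion encryption: only EncryptedAssertion, no cleartext Assertion.
    if root.find(q("EncryptedAssertion")) is not None and not clear_assertion:
        return {"policy": "entire assertion", "subject_encrypted": True,
                "cleartext_attributes": []}
    subject_enc = root.find(".//%s/%s" % (q("Subject"), q("EncryptedID"))) is not None
    enc_attrs = root.findall(".//" + q("EncryptedAttribute"))
    # Attributes still readable by anyone who can see the message.
    clear = [a.get("Name") for a in root.iter(q("Attribute"))]
    policy = "one or more attributes" if (subject_enc or enc_attrs) else "none"
    return {"policy": policy, "subject_encrypted": subject_enc,
            "cleartext_attributes": clear}

# Constructed sample messages (ciphertext and signatures omitted for brevity).
WRAP = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s" xmlns:xenc="%s">%%s</samlp:Response>' % (NS, XENC))
ENC = "<xenc:EncryptedData/>"
WHOLE = WRAP % ("<saml:EncryptedAssertion>%s</saml:EncryptedAssertion>" % ENC)
PARTIAL = WRAP % (
    "<saml:Assertion><saml:Subject><saml:EncryptedID>%s</saml:EncryptedID>"
    "</saml:Subject><saml:AttributeStatement>"
    '<saml:Attribute Name="department"/>'
    "<saml:EncryptedAttribute>%s</saml:EncryptedAttribute>"
    "</saml:AttributeStatement></saml:Assertion>" % (ENC, ENC))
PLAIN = WRAP % (
    "<saml:Assertion><saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>"
    '<saml:AttributeStatement><saml:Attribute Name="email"/>'
    "</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    for name, msg in (("whole", WHOLE), ("partial", PARTIAL), ("plain", PLAIN)):
        print(name, classify(msg))
```

The `cleartext_attributes` list shows which attribute names remain unencrypted under the "One or more attributes" option, which is the part most likely to drift from the partner agreement.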