Hi, can anyone shed some light on these: how do this signature and encryption work?
On the SP, signature:
1. Signing Private Key Alias: it uses the SP cert
2. Verification Certificate Alias: this uses the IdP certs
Encryption Certificate Alias: IdP cert
Decryption Private Key Alias: SP cert
On the IdP, signature:
Verification Certificate Alias: IdP cert
Signing Private Key Alias: SP cert
Encryption Certificate Alias: SP cert
Decryption Private Key Alias: IdP cert
Signature and encryption are indeed often confusing,
because both use certificates and keys and both are related.
In a federation journey, we usually "sign" and "encrypt"
the assertion for two goals:
- to guarantee that this XML document hasn't been modified
when it arrives at the SP side;
- to guarantee that this XML document is kept readable "only" for
the SP side.
The signature makes the assertion XML document
not modifiable by a third party. That's why one party
will sign it and the other party will verify the signature,
to confirm the integrity of the XML document.
The encryption makes parts of the assertion XML document
readable only for the SP side. To read it, the SP side needs
to decrypt it.
So for a given assertion XML document, you can sign it or
encrypt it, or do both at the same time.
The certificate used for encryption at the IdP side
should be set at the SP side in order to make the SP
able to decrypt the assertion. The same occurs for the
I hope that helps to understand how signature and encryption
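The exchange Patrick describes above, as an added example that is not part of the original thread: each side holds only its own private key and imports the other side's certificate; the IdP encrypts for the SP's certificate and signs with its own private key, and the SP verifies with the IdP's certificate and decrypts with its own private key. Go with only the standard library; the party names, the bare RSA public key standing in for an X.509 certificate, the constructed sample assertion, direct RSA-OAEP in place of XML-Encryption's wrapped AES session key, and the signature being taken over the ciphertext are all assumptions of this example, not anything the thread states.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Party is one federation side. Priv is what that side configures as its own
// "Signing Private Key" and "Decryption Private Key"; the public half is what the
// OTHER side configures as "Verification Certificate" and "Encryption Certificate".
// Assumption: a bare RSA public key stands in for the X.509 certificate.
type Party struct{ Priv *rsa.PrivateKey }

func NewParty() *Party {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return &Party{Priv: k}
}

// Cert is the only thing a party hands to its peer; the private key never moves.
func (p *Party) Cert() *rsa.PublicKey { return &p.Priv.PublicKey }

// Envelope is what travels IdP -> SP: the assertion encrypted for the SP, and the
// IdP's signature over that ciphertext (so any change in transit breaks it).
// Assumption: direct RSA-OAEP instead of XML-Encryption's wrapped AES key, which
// limits the assertion to 190 bytes with a 2048-bit key and SHA-256.
type Envelope struct {
	Ciphertext []byte
	Signature  []byte
}

// SendAssertion is the IdP side: encrypt with the SP's certificate (Encryption
// Certificate Alias), then sign with the IdP private key (Signing Private Key Alias).
func SendAssertion(idp *Party, spCert *rsa.PublicKey, assertion []byte) (*Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, spCert, assertion, nil)
	if err != nil {
		return nil, fmt.Errorf("encrypt: %w", err)
	}
	digest := sha256.Sum256(ct)
	sig, err := rsa.SignPKCS1v15(rand.Reader, idp.Priv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, fmt.Errorf("sign: %w", err)
	}
	return &Envelope{Ciphertext: ct, Signature: sig}, nil
}

// ReceiveAssertion is the SP side: verify with the IdP's certificate (Verification
// Certificate Alias), then decrypt with the SP private key (Decryption Private Key
// Alias). The assertion is released only if both steps succeed.
func ReceiveAssertion(sp *Party, idpCert *rsa.PublicKey, env *Envelope) ([]byte, error) {
	digest := sha256.Sum256(env.Ciphertext)
	if err := rsa.VerifyPKCS1v15(idpCert, crypto.SHA256, digest[:], env.Signature); err != nil {
		return nil, fmt.Errorf("verify: modified in transit or not signed by the configured IdP: %w", err)
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, sp.Priv, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: not encrypted for this party's private key: %w", err)
	}
	return pt, nil
}

func main() {
	idp, sp, eve := NewParty(), NewParty(), NewParty()
	assertion := []byte(`<saml:Assertion><saml:Subject>alice</saml:Subject></saml:Assertion>`) // constructed sample
	env, err := SendAssertion(idp, sp.Cert(), assertion)
	if err != nil {
		panic(err)
	}
	got, err := ReceiveAssertion(sp, idp.Cert(), env)
	fmt.Printf("SP reads: %s (err=%v)\n", got, err)

	_, err = ReceiveAssertion(eve, idp.Cert(), env) // eve holds only the two certificates
	fmt.Println("eavesdropper:", err)

	forged, _ := SendAssertion(eve, sp.Cert(), assertion) // eve signs with her own key
	_, err = ReceiveAssertion(sp, idp.Cert(), forged)
	fmt.Println("forgery:", err)

	env.Ciphertext[0] ^= 1 // one bit flipped on the wire
	_, err = ReceiveAssertion(sp, idp.Cert(), env)
	fmt.Println("tampered:", err)
}
```

Read the four alias names against the two functions: the only private key an IdP ever uses is its own (to sign), and the only private key an SP ever uses is its own (to decrypt); everything configured under a "Certificate Alias" is the peer's public half. A signature made with any other key, or a ciphertext altered after signing, fails at the verify step before decryption is attempted, and a party that holds both certificates but not the SP's private key passes verification yet cannot decrypt.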
Still not clear, Patrick.
As I understood:
Signing Private Key Alias: IdP cert. This will sign, and it encrypts using the Encryption Certificate Alias: IdP cert.
When it receives the request, it uses the Verification Certificate Alias key (SP cert) and decrypts using the Decryption Private Key Alias (SP cert).
If I am wrong, please put me on the right path.