SAML assertions are encrypted by the IdP using the SP's public key. They're decrypted by the SP using the SP's private key.

As the SP, you supply your public key to the IdP. Typically this is done either by supplying them with your .CER certificate file or with the certificate included in your SAML metadata. The corresponding private key may be stored in a .PFX file and is specified as the local certificate in your SAML configuration.

The partner IdP certificate is not involved in SAML encryption. That's used for signature verification.

Our Certificate Guide offers a number of suggestions for generating self-signed certificates. Of course, you can always use a CA issued certificate if you prefer.

https://www.componentspace.com/Forums/9349/Certificate-Guide

The recently included CreateSelfSignedCert console app project generates a PFX and CER file for you.
Regards ComponentSpace Development
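
The key roles described in the reply above, as an added illustration in plain .NET (not part of the original post and not ComponentSpace's code or the CreateSelfSignedCert project). The subject name, password and sample assertion are constructed placeholders, and the sketch assumes the usual XML Encryption pattern in which a random AES key encrypts the data and only that key is encrypted with the SP's RSA public key.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class SpEncryptionKeyDemo
{
    static void Main()
    {
        const string pfxPassword = "placeholder-password"; // constructed value

        // SP: create a self-signed certificate and export both forms.
        using RSA spKey = RSA.Create(2048);
        var request = new CertificateRequest("CN=sp.example.test", spKey,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 selfSigned = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(2));
        byte[] pfxBytes = selfSigned.Export(X509ContentType.Pfx, pfxPassword); // stays with the SP
        byte[] cerBytes = selfSigned.Export(X509ContentType.Cert);             // handed to the IdP

        // IdP: holds only the CER, so it can encrypt but never decrypt.
        using var idpCopy = new X509Certificate2(cerBytes);
        Console.WriteLine($"IdP copy has private key: {idpCopy.HasPrivateKey}");

        // IdP: encrypt the (constructed) assertion with a fresh AES key,
        // then wrap that key with the SP's public key from the CER.
        byte[] assertion = Encoding.UTF8.GetBytes("<Assertion>constructed sample</Assertion>");
        using Aes idpAes = Aes.Create();
        byte[] iv = idpAes.IV;
        byte[] cipherText;
        using (ICryptoTransform enc = idpAes.CreateEncryptor())
            cipherText = enc.TransformFinalBlock(assertion, 0, assertion.Length);
        using RSA spPublic = idpCopy.GetRSAPublicKey();
        byte[] wrappedKey = spPublic.Encrypt(idpAes.Key, RSAEncryptionPadding.OaepSHA256);

        // SP: load the PFX (the "local certificate"), unwrap the key, decrypt.
        using var spCert = new X509Certificate2(pfxBytes, pfxPassword);
        Console.WriteLine($"SP PFX has private key:   {spCert.HasPrivateKey}");
        using RSA spPrivate = spCert.GetRSAPrivateKey();
        using Aes spAes = Aes.Create();
        spAes.Key = spPrivate.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
        spAes.IV = iv;
        using ICryptoTransform dec = spAes.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(cipherText, 0, cipherText.Length);
        Console.WriteLine(Encoding.UTF8.GetString(plain));
    }
}
```

Only the CER bytes ever need to leave the SP; the PFX and its password should be stored and access-controlled like any other private key material.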