Forums, Documentation & Knowledge Base - ComponentSpace

Is it required to encrypt the Assertion in IDP SSO Response? What is the benefit of encrypting the Assertion? What parts of SAML Response are being encrypted?


https://www.componentspace.com/forums/Topic8819.aspx

By [email protected] - 5/29/2018

Hi

I have an ASP.NET MVC IDP site and multiple ASP.NET MVC SP sites. The SSO is being processed under SSL.
When I am setting up the IDP SAML configuration, I see inside the PartnerServiceProvider, there is an attribute of "EncryptAssertion". 

I would like to ask some questions.
1. Is it required to encrypt the Assertion in IDP SSO Response?
2. What is the benefit of encrypting the Assertion?
3. I have attached a file with a sample non-encrypted SAML Response. What parts of SAML Response are being encrypted when "EncryptAssertion" is set to true?

By ComponentSpace - 5/30/2018

That's correct.
The IdP encrypts the SAML assertion with a random symmetric key which in turn is encrypted with the SP's public key.
The SP uses its private key to decrypt the symmetric key which in turn is used to decrypt the SAML assertion.
This ensures that only the SP can decrypt the SAML assertion.
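The exchange ComponentSpace describes above, as an added example that is not part of the original thread and not ComponentSpace's product code. It uses only Go's standard library to show the hybrid scheme: a random AES-256 key (AES-GCM here) encrypts the assertion, RSA-OAEP under the SP's public key wraps that key, and only the SP's private key can unwrap it, so a second SP holding a different key pair is refused. The sample assertion, the generated key pairs (standing in for the key behind each SP's metadata certificate), the algorithm identifiers, the struct and the function names are all constructed for illustration; which algorithms ComponentSpace's EncryptAssertion setting actually selects is not stated on this page, and a real implementation serializes the result into the <saml:EncryptedAssertion>/<xenc:EncryptedData>/<xenc:EncryptedKey> elements rather than a struct.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// Constructed sample <saml:Assertion>; the surrounding <samlp:Response> (ID, Issuer, Status) is not encrypted.
const sampleAssertion = `<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>https://idp.example.com</saml:Issuer>` +
	`<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject></saml:Assertion>`

// XML Encryption algorithm identifiers, carried in the Algorithm attributes of the elements below.
const (
	algRSAOAEP   = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
	algAES256GCM = "http://www.w3.org/2009/xmlenc11#aes256-gcm"
)

// EncryptedAssertion mirrors <saml:EncryptedAssertion>: the assertion under a one-time symmetric key
// (<xenc:EncryptedData>) plus that key wrapped with the SP's RSA public key (<xenc:EncryptedKey> in <ds:KeyInfo>).
type EncryptedAssertion struct {
	KeyAlgorithm, DataAlgorithm string
	EncryptedKey                string // base64 CipherValue: RSA-OAEP(spPublicKey, symmetricKey)
	CipherValue                 string // base64 CipherValue: nonce || AES-GCM ciphertext || tag
}

// aesGCM builds the AEAD; for a 32-byte key neither constructor can fail, so the errors are ignored.
func aesGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// idpEncryptAssertion is the IdP side: a fresh AES-256 key per Response protects the assertion,
// and only that 32-byte key, never the assertion itself, goes through RSA.
func idpEncryptAssertion(spPub *rsa.PublicKey, assertionXML []byte) (*EncryptedAssertion, error) {
	keyAndNonce := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce, both single-use
	if _, err := rand.Read(keyAndNonce); err != nil {
		return nil, err
	}
	key, nonce := keyAndNonce[:32], keyAndNonce[32:]
	body := aesGCM(key).Seal(nonce, nonce, assertionXML, nil) // GCM authenticates too, so tampering is detected
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, spPub, key, nil)
	if err != nil {
		return nil, err
	}
	return &EncryptedAssertion{
		KeyAlgorithm: algRSAOAEP, DataAlgorithm: algAES256GCM,
		EncryptedKey: base64.StdEncoding.EncodeToString(wrapped),
		CipherValue:  base64.StdEncoding.EncodeToString(body),
	}, nil
}

// spDecryptAssertion is the SP side: unwrap the symmetric key with the SP private key, then decrypt.
// Any other key pair fails at the unwrap step; a modified ciphertext fails at Open.
func spDecryptAssertion(spPriv *rsa.PrivateKey, ea *EncryptedAssertion) ([]byte, error) {
	if ea.KeyAlgorithm != algRSAOAEP || ea.DataAlgorithm != algAES256GCM {
		return nil, errors.New("unsupported algorithm") // the sender must not get to pick a weaker one
	}
	wrapped, err := base64.StdEncoding.DecodeString(ea.EncryptedKey)
	if err != nil {
		return nil, err
	}
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, spPriv, wrapped, nil)
	if err != nil || len(key) != 32 {
		return nil, errors.New("cannot unwrap symmetric key: not the intended SP")
	}
	body, err := base64.StdEncoding.DecodeString(ea.CipherValue)
	if err != nil || len(body) < 12 {
		return nil, errors.New("malformed CipherValue")
	}
	return aesGCM(key).Open(nil, body[:12], body[12:], nil)
}

// demo runs the exchange for the intended SP and for a bystander SP holding its own key pair;
// it returns what the intended SP recovered and whether the bystander was refused.
func demo(spKey, bystanderKey *rsa.PrivateKey) (recovered string, bystanderRefused bool, err error) {
	ea, err := idpEncryptAssertion(&spKey.PublicKey, []byte(sampleAssertion))
	if err != nil {
		return "", false, err
	}
	plain, err := spDecryptAssertion(spKey, ea)
	if err != nil {
		return "", false, err
	}
	_, bystanderErr := spDecryptAssertion(bystanderKey, ea)
	return string(plain), bystanderErr != nil, nil
}

func main() {
	// Stand-ins for the key pairs behind two SPs' metadata certificates.
	spKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	bystanderKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	fmt.Println(demo(spKey, bystanderKey))
}
```

Two points worth noting from the code. First, the SP pins the algorithms it accepts instead of trusting the Algorithm attributes sent with the message; the identifiers are part of the input and should be validated like any other. Second, SSL on the IdP and SP sites protects each hop between the browser and a site, but with the HTTP-POST binding the Response travels through the browser, so without assertion encryption the assertion is readable by anything that can see that form post (the user, a proxy that terminates TLS, a logging middleware); the encryption above makes it readable only to the holder of the SP private key.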