ComponentSpace

Forums



Generating "public key" for assertion signing


Generating "public key" for assertion signing

Author
Message
BrandonSmith
BrandonSmith
New Member
New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)New Member (2 reputation)

Group: Forum Members
Posts: 1, Visits: 1
Our web application currently has the options for users to turn on and off "WantAssertionEncrypted" on their IDP assertions.

From my understanding they need to assign their assertion with a "public" key that we provide, and we decrypt with a private certificate that we have.

How do we generate the "public key" that we provide to our clients? and likewise how do we reference the certificate used to decrypt on our side (SP)?

Would we assign the decryption cert like this?

//Assign the certificate                    samlConfiguration.PartnerIdentityProviderConfigurations[idpKey].PartnerCertificateFile = "spCert.cer"

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)ComponentSpace Development (4.2K reputation)

Group: Administrators
Posts: 3K, Visits: 10K
SAML assertions are encrypted by the IdP using the SP's public key. They're decrypted by the SP using the SP's private key.

As the SP, you supply your public key to the IdP. Typically this is done either by supplying them with your .CER certificate file or with the certificate included in your SAML metadata.

The corresponding private key may be stored in a .PFX file and is specified as the local certificate in your SAML configuration. The partner IdP certificate is not involved in SAML encryption. That's used for signature verification.

Our Certificate Guide offers a number of suggestions for generating self-signed certificates. Of course, you can always use a CA issued certificate if you prefer.

https://www.componentspace.com/Forums/9349/Certificate-Guide

The recently included CreateSelfSignedCert console app project generates a PFX and CER file for you.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 4 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Social Logins

Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search