ComponentSpace

jbaisden
Where do I specify the Service Provider's public key for encrypting the assertion when I was not given an actual certificate file?

The subject says it all. The question here discusses pretty much what I want to do, but I cannot find where to specify the public certificate key for the SP. We're the identity provider in this case. We're also not trying to use our own certificate's private key to encrypt the assertion...just the SP's public certificate key.

I've been looking over the example projects and haven't found something quite like this yet. All help would be greatly appreciated. Thanks!

ComponentSpace
I'm assuming you're using the SAML high-level API and SAML configuration.
The partner SP certificate is used to encrypt the SAML assertion.
In the example below the PartnerCertificateFile sp.cer is used to encrypt the SAML assertion.

<PartnerServiceProvider Name="http://localhost/ExampleServiceProvider"
        Description="Example Service Provider"
        WantAuthnRequestSigned="true"
        SignSAMLResponse="true"
        SignAssertion="true"
        EncryptAssertion="false"
        AssertionConsumerServiceUrl="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"
        SingleLogoutServiceUrl="http://localhost/ExampleServiceProvider/SAML/SLOService.aspx"
        PartnerCertificateFile="Certificates\sp.cer"/>




Regards
ComponentSpace Development
jbaisden
ComponentSpace - 5/8/2017
I'm assuming you're using the SAML high-level API and SAML configuration.
The partner SP certificate is used to encrypt the SAML assertion.
In the example below the PartnerCertificateFile sp.cer is used to encrypt the SAML assertion.

<PartnerServiceProvider Name="http://localhost/ExampleServiceProvider"
        Description="Example Service Provider"
        WantAuthnRequestSigned="true"
        SignSAMLResponse="true"
        SignAssertion="true"
        EncryptAssertion="false"
        AssertionConsumerServiceUrl="http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx"
        SingleLogoutServiceUrl="http://localhost/ExampleServiceProvider/SAML/SLOService.aspx"
        PartnerCertificateFile="Certificates\sp.cer"/>



What if you only have the public key and DO NOT have a partner certificate?

ComponentSpace
We don't support public keys only. The SP should be able to provide you with their .CER file or the certificate contained in their SAML metadata.
These are the standard formats for communicating public keys.

Regards
ComponentSpace Development
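
For the case in the reply above where the SP supplies SAML metadata rather than a .CER file, this added example (not from the thread and not ComponentSpace code) extracts the encryption certificate from the metadata and saves it as a DER .cer file that PartnerCertificateFile can point to. The sample metadata and its certificate bytes are constructed placeholders, and the function and output file names are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def sp_encryption_certs(metadata_xml):
    """Return the DER bytes of each certificate the SP publishes for encryption."""
    # Partner metadata is untrusted input; consider defusedxml for parsing in production.
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.findall(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        # A KeyDescriptor without a 'use' attribute covers both signing and encryption.
        if kd.get("use") not in (None, "encryption"):
            continue
        for node in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((node.text or "").split()))
            if der[:1] != b"\x30":  # a DER certificate starts with a SEQUENCE tag
                raise ValueError("X509Certificate element does not hold DER data")
            certs.append(der)
    return certs

def fingerprint(der):
    """SHA-256 fingerprint (hex) to compare with the value the SP reports."""
    return hashlib.sha256(der).hexdigest()

# Constructed sample: placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x00\x10" + bytes(range(16))
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://localhost/ExampleServiceProvider">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MAAA</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>""" % base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    for i, der in enumerate(sp_encryption_certs(SAMPLE_METADATA)):
        name = "sp-encryption-%d.cer" % i  # hypothetical output file name
        with open(name, "wb") as f:
            f.write(der)
        print(name, "sha256=" + fingerprint(der))
```

Confirm the printed fingerprint with the SP over a separate channel before pointing PartnerCertificateFile at the file. The configuration quoted in the thread has EncryptAssertion="false"; that flag has to be "true" for the partner certificate to be used to encrypt the assertion.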