In the application I am working on I have configured SAML SSO with a Windows ADFS server. We are exposing our SAML metadata through a metadata endpoint for the ADFS Relying Party Trust configuration. In that FederationMetadata.xml file, we include a signing certificate as well as an encryption certificate. In the identity provider configuration inside the application, I have set SignAuthnRequest, SignLogoutRequest, and WantAssertionSigned to true. But I have not set WantAssertionEncrypted to true; it is set to false. When I try to authenticate with the AD FS server, the user is able to log in and everything works fine. But when I inspect the SAML Auth Response from the ADFS server, it contains an Encrypted Assertion. I am assuming that since ADFS has the encryption certificate, it automatically encrypts every SAML Auth Response assertion. But my question is: since I have WantAssertionEncrypted set to false, how can the ComponentSpace.SAML library know that the assertion is encrypted and needs to be decrypted using our private key, since I have not explicitly said to do so?
Does the library automatically decrypt the assertion even if it is not specifically configured to do so?
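As an added illustration for the question above (this is not part of the original post and not ComponentSpace code; it says nothing about that library's internals), the following script shows the mechanism any SAML SP library can rely on: the IdP signals encryption structurally, by wrapping the assertion in a `saml:EncryptedAssertion` element instead of `saml:Assertion`, so the receiver can tell that decryption is required from the XML alone, with no configuration flag involved. A "want assertion encrypted" setting is modelled separately as a policy check applied after detection. The two sample responses, the algorithm URIs chosen and the `CN=sp-encryption` key hint are constructed for the example; the cipher values are placeholders, not real ciphertext.

```python
"""Detect whether a SAML 2.0 Response carries a plain or an encrypted assertion.

Added example (not ComponentSpace code). It demonstrates the structural signal
an SP uses: <saml:EncryptedAssertion> instead of <saml:Assertion>. A separate
policy check decides whether a plaintext assertion is acceptable.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample responses (issuer, IDs and cipher values are placeholders).
PLAINTEXT_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  </saml:Assertion>
</samlp:Response>"""

ENCRYPTED_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0">
  <saml:EncryptedAssertion>
    <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
        Type="http://www.w3.org/2001/04/xmlenc#Element">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/>
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <xenc:EncryptedKey>
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
          <ds:KeyInfo>
            <ds:X509Data><ds:X509IssuerSerial>
              <ds:X509IssuerName>CN=sp-encryption</ds:X509IssuerName>
              <ds:X509SerialNumber>1</ds:X509SerialNumber>
            </ds:X509IssuerSerial></ds:X509Data>
          </ds:KeyInfo>
          <xenc:CipherData><xenc:CipherValue>QUJDREVG</xenc:CipherValue></xenc:CipherData>
        </xenc:EncryptedKey>
      </ds:KeyInfo>
      <xenc:CipherData><xenc:CipherValue>R0hJSktM</xenc:CipherValue></xenc:CipherData>
    </xenc:EncryptedData>
  </saml:EncryptedAssertion>
</samlp:Response>"""


def inspect_response(xml_text):
    """Return what kind of assertion the response carries and, if encrypted,
    which algorithms the SP must support to decrypt it."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")

    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    if len(plain) + len(encrypted) != 1:
        # Refuse ambiguous responses instead of picking one: a plain and an
        # encrypted assertion side by side is a classic confusion vector.
        raise ValueError("expected exactly one assertion, found %d plain and %d encrypted"
                         % (len(plain), len(encrypted)))

    if plain:
        return {"encrypted": False, "data_algorithm": None,
                "key_algorithm": None, "key_hint": None}

    enc = encrypted[0]
    data = enc.find("xenc:EncryptedData", NS)
    if data is None:
        raise ValueError("EncryptedAssertion without EncryptedData")
    data_alg = data.find("xenc:EncryptionMethod", NS).get("Algorithm")

    # The EncryptedKey (session key wrapped with the SP's public key) may sit
    # inside EncryptedData/KeyInfo or as a sibling of EncryptedData; search both.
    enc_key = enc.find(".//xenc:EncryptedKey", NS)
    if enc_key is None:
        raise ValueError("no EncryptedKey: cannot recover the session key")
    key_alg = enc_key.find("xenc:EncryptionMethod", NS).get("Algorithm")
    hint = enc_key.find(".//ds:X509IssuerName", NS)
    return {"encrypted": True, "data_algorithm": data_alg,
            "key_algorithm": key_alg,
            "key_hint": hint.text if hint is not None else None}


def check_policy(info, want_assertion_encrypted):
    """SP-side requirement: if the SP demands encryption, a plaintext assertion
    is rejected; if it does not, both plain and encrypted forms are acceptable."""
    if want_assertion_encrypted and not info["encrypted"]:
        raise PermissionError("plaintext assertion but policy requires encryption")
    return True


if __name__ == "__main__":
    for label, doc in (("plaintext", PLAINTEXT_RESPONSE), ("encrypted", ENCRYPTED_RESPONSE)):
        info = inspect_response(doc)
        print(label, info, "accepted with want_encrypted=False:",
              check_policy(info, want_assertion_encrypted=False))
```

The detection step is where the SP learns that its private key is needed: in XML Encryption as used by SAML, the `xenc:EncryptedKey` holds the symmetric session key wrapped with the SP's public key (here RSA-OAEP), the SP unwraps it with the private key matching the encryption certificate it published in its metadata, and then decrypts the `xenc:EncryptedData` (here AES-256-CBC) to recover the `saml:Assertion`, which is then validated like a plaintext one. The `key_hint` field shows how the IdP can tell the SP which certificate it used, useful when the SP rotates keys. A "want encrypted" flag, by contrast, is a requirement, not an instruction: in this model it only decides whether an unencrypted assertion is tolerated.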