Encrypted Assertion works even when WantAssertionEncrypted is set to False.

Kasun Kodagoda
Junior Member (60 reputation)
Group: Forum Members
Posts: 19, Visits: 84

In the application I am working on, I have configured SAML SSO with a Windows ADFS server. We are exposing our SAML metadata through a metadata endpoint for the ADFS Relying Party Trust configuration. In that FederationMetadata.xml file, we include a signing certificate as well as an encryption certificate. In the Identity provider configuration inside the application, I have set SignAuthnRequest, SignLogoutRequest, and WantAssertionSigned to true. But I have not set WantAssertionEncrypted to true; it is set to false. When I try to authenticate with the AD FS server, the user is able to log in and everything works fine. But when I inspect the SAML Auth Response from the ADFS server, it contains the Encrypted Assertion. I am assuming that since ADFS has the encryption certificate, it automatically encrypts every SAML Auth Response Assertion. But my question is, since I have WantAssertionEncrypted set to false, how can the ComponentSpace.SAML library know that the Assertion is encrypted and that it needs to be decrypted using our private key, since I have not explicitly said to do so?

Does the Library automatically decrypt the assertion even if it is not specifically configured to do so?

ComponentSpace
ComponentSpace Development (4.4K reputation)
Group: Administrators
Posts: 3.2K, Visits: 11K

Your understanding is correct.
If the assertion is encrypted we will decrypt it.
If WantAssertionEncrypted is true and the assertion is not encrypted, this is an error.
If WantAssertionEncrypted is false we will decrypt the assertion if required but it's not mandatory that the assertion is encrypted.

Regards
ComponentSpace Development
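
Added example, not part of the thread and not ComponentSpace's code: a Python sketch of the decision the answer above describes. A receiver can tell an encrypted assertion apart without any flag because the SAML 2.0 response carries it in a `saml:EncryptedAssertion` element instead of `saml:Assertion`. The function names, the exactly-one-assertion rule and the sample responses are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"


class AssertionPolicyError(Exception):
    """The response does not meet the configured encryption requirement."""


def plan_assertion_handling(response_xml, want_assertion_encrypted):
    """Return 'decrypt' or 'use-as-is' for the assertion in a SAML Response."""
    root = ET.fromstring(response_xml)
    if root.tag != SAMLP + "Response":
        raise ValueError("not a samlp:Response")
    # The element name itself says whether the assertion is encrypted,
    # so no configuration flag is needed to detect it.
    encrypted = root.findall(SAML + "EncryptedAssertion")
    plain = root.findall(SAML + "Assertion")
    if len(encrypted) + len(plain) != 1:
        # Assumption for this sketch: exactly one assertion per response.
        raise ValueError("expected exactly one assertion")
    if encrypted:
        return "decrypt"  # decrypted whatever the flag says
    if want_assertion_encrypted:
        raise AssertionPolicyError("plaintext assertion, encryption required")
    return "use-as-is"  # flag is false: encryption is optional


# Constructed sample responses, trimmed to the elements that matter here.
_NS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
       'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"')
PLAIN_RESPONSE = f"<samlp:Response {_NS}><saml:Assertion/></samlp:Response>"
ENCRYPTED_RESPONSE = (
    f"<samlp:Response {_NS}><saml:EncryptedAssertion>"
    '<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>'
    "</saml:EncryptedAssertion></samlp:Response>")


def decision_table():
    """Evaluate both sample responses against both flag values."""
    rows = []
    for name, doc in (("plain", PLAIN_RESPONSE), ("encrypted", ENCRYPTED_RESPONSE)):
        for flag in (False, True):
            try:
                outcome = plan_assertion_handling(doc, flag)
            except AssertionPolicyError:
                outcome = "error"
            rows.append((name, flag, outcome))
    return rows


if __name__ == "__main__":
    for row in decision_table():
        print(row)
```

Only the row with a plaintext assertion and the flag set to true is rejected, so a deployment that depends on assertion confidentiality needs WantAssertionEncrypted set to true.
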

Kasun Kodagoda

Thank you for the clarification. :)

ComponentSpace

You're welcome.

Regards
ComponentSpace Development