The SAML high-level API is driven by SAML configuration. You don't specify this in the actual API for SSO. You call SAMLIdentityProvider.InitiateSSO for IdP-initiated SSO or SAMLIdentityProvider.SendSSO for SP-initiated SSO. The details about whether the SAML assertion your be signed and/or encrypted are specified through the SAML configuration. For example, here's a partial configuration that specifies the SAML assertion should be signed and encrypted.
When SAMLIdentityProvider.InitiateSSO or SAMLIdentityProvider.SendSSO executes to send a SAML response to this partner service provider, these flags are checked and in this case the SAML assertion would be signed and encrypted.
Regards ComponentSpace Development
|