ComponentSpace Forums

Encrypted attributes in HighLevel api SSO

alex
Group: Forum Members
Is it possible to use encrypted attributes in the high-level API?
SAMLIdentityProvider.InitiateSSO seems to accept only SAMLAttribute, not EncryptedAttribute.

Thank you
ComponentSpace Development
Group: Administrators
Our low-level API supports encrypted SAML attributes but we didn't expose this functionality in the high-level API.
From our experience, if you are going to encrypt one or more SAML attributes then you might as well encrypt the entire SAML assertion.
The expensive part of XML encryption is encrypting the random symmetric key using the asymmetric key. The encryption of the data using the symmetric key is a less expensive operation and the length of the data (SAML attribute vs SAML assertion) doesn't make a significant difference in the overall time.
If there's a specific use case where you have to encrypt SAML attributes rather than the SAML assertion please let us know the circumstances.

Regards
ComponentSpace Development
alex
Group: Forum Members
Thank you for the quick reply.
We are integrating with a third-party application; the documentation for that app says:
1. Before signing the SAML response, the Yodlee attributes have to be encrypted.
2. The encryption is done by generating a temporary symmetric key.
   Temporary Key Algorithm - AES
   Temporary Key Size - 128
   Temporary Key Transformation (one of these two):
       AES/ECB/NoPadding
       AES/CBC/PSK6
3. Using this generated temporary key, encrypt the Yodlee attributes.
4. The encrypted text should be encoded with Base64 encoding.
5. The temporary key should be wrapped/encrypted with the Yodlee public key using the following:
   Wrapping Key Algorithm - RSA
   Wrapping Key Transaction - RSA/ECB/PKCS1Padding
6. The wrapped key should be encoded with Base64 encoding.
7. Then, the encoded key and encoded text should be sent along with the response in the format of: <base64encodedcipherkey>:<base64encodedciphertext>

so we don't have much choice here.
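The seven steps quoted in the post above, worked through as an added Go example. This is not code from the original thread, from ComponentSpace, or from the third-party documentation; it is an illustration of the procedure as quoted. It takes the AES/CBC option and assumes PKCS#5/#7 padding for it (the quoted "PSK6" is read as that) and assumes the IV is prepended to the ciphertext, because the quoted steps say nothing about how the IV reaches the other side. The RSA key pair is a throwaway generated for the run, standing in for the Yodlee public key; the attribute string is a constructed sample. DecryptAttributes shows the checks the receiving side would have to make on the `<base64 key>:<base64 ciphertext>` value.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// pkcs7Pad applies PKCS#5/#7 padding (assumed here to be the "PSK6" in the quoted steps).
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(data, bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad strips the padding and rejects malformed padding instead of guessing.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("invalid padded length")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, errors.New("invalid padding")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("invalid padding")
		}
	}
	return data[:len(data)-n], nil
}

// EncryptAttributes performs steps 2 to 7: a fresh random AES-128 key, AES/CBC
// encryption of the attribute text, an RSA/ECB/PKCS1Padding wrap of that key,
// and the "<base64 key>:<base64 ciphertext>" string. Assumption: the IV is
// prepended to the ciphertext, since the quoted steps do not say how it travels.
func EncryptAttributes(plaintext []byte, spPub *rsa.PublicKey) (string, error) {
	key := make([]byte, 16) // AES-128 temporary key
	if _, err := rand.Read(key); err != nil {
		return "", err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return "", err
	}
	padded := pkcs7Pad(plaintext, aes.BlockSize)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	wrapped, err := rsa.EncryptPKCS1v15(rand.Reader, spPub, key) // RSA/ECB/PKCS1Padding
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(wrapped) + ":" +
		base64.StdEncoding.EncodeToString(append(iv, ct...)), nil
}

// DecryptAttributes is the receiving side: split on the colon, unwrap the key
// with the private key, check lengths, then decrypt and unpad.
func DecryptAttributes(token string, spPriv *rsa.PrivateKey) ([]byte, error) {
	parts := strings.SplitN(token, ":", 2) // ':' is not in the base64 alphabet
	if len(parts) != 2 {
		return nil, errors.New("expected <base64 key>:<base64 ciphertext>")
	}
	wrapped, err := base64.StdEncoding.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	blob, err := base64.StdEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	key, err := rsa.DecryptPKCS1v15(rand.Reader, spPriv, wrapped)
	if err != nil {
		return nil, err
	}
	if len(key) != 16 {
		return nil, errors.New("unwrapped key is not AES-128")
	}
	if len(blob) < aes.BlockSize || len(blob)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not IV plus whole blocks")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, ct := blob[:aes.BlockSize], blob[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt, aes.BlockSize)
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key standing in for the SP's pair
	attrs := []byte("memberId=12345;email=user@example.com") // constructed sample attributes
	token, err := EncryptAttributes(attrs, &priv.PublicKey)
	if err != nil {
		panic(err)
	}
	fmt.Println(token)
	back, err := DecryptAttributes(token, priv)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n", back)
}
```

Step 1 of the quoted procedure puts the encryption before signing, so the string EncryptAttributes returns is what goes into the attribute value that the signed SAML response then covers. Of the two listed transformations, AES/ECB/NoPadding is the weaker choice: ECB leaks repeated plaintext blocks, and NoPadding puts the burden of padding to a 16-byte multiple on the caller, which is why the CBC option is the one worked here. The RSA/ECB/PKCS1Padding wrap is the PKCS#1 v1.5 key transport the third party mandates; the receiving implementation should fail uniformly on a bad unwrap rather than distinguish padding errors, since distinguishable failures are what turn PKCS#1 v1.5 into a padding oracle.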



ComponentSpace Development
Group: Administrators
I would double check with the service provider that they definitely want the individual SAML attributes encrypted rather than the entire SAML assertion.
It seems odd to encrypt individual attributes rather than the assertion and I suspect it will also be more expensive.
If they don't support an encrypted SAML assertion then there's always the option of using our low-level API.
However, please let me know once you've spoken to the service provider to confirm whether or not they support encrypted assertions.


Regards
ComponentSpace Development