encrypted assertions

[Chris Phillips]

>From my perspective, it's a specific implementation profile on the SAML2
spec, it's there to be used but not required to be 'enabled' (or is it?)
others may have more insight.

For instance, ADFS supports SAML2 but sending it an encrypted assertion
gives it grief (at least my instance).
(yes, my signing key is separate from my encryption key -- still borks and
event viewer is oh so helpful *cough*.
If anyone has this clearly sorted out I'd love to hear from you).

So, I say yes it's SAML2 capable.

Nate's SAML2int.org reference is a good touchstone item to use as a
yardstick for what your asking..

Chris.


On 14-08-19 2:51 PM, "Mark K. Miller" <max at psu.edu> wrote:

>
>Please forgive me if this has already been answered on this list.  I
>suspect it has been, but I'm sure it would easily elude my searching
>'skills.'
>
>If an implementation claims to support SAML2 but does not support
>encrypted assertions, can that claim be completely correct?
>
>Phrasing the intent of my question another way (just in case I'm too
>confusing for anyone,) are encrypted assertions part of the SAML protocol
>spec?
>
>Those who know my protocol expertise will know anything much beyond
>single 
>word, single syllable answers are likely to confuse me further.
>
>Thanks,
>
>Max
>-- 
>To unsubscribe from this list send an email to
>users-unsubscribe at shibboleth.net