IDP rely configuration - Adobe suggests a modification of default behaviour - any hints?

Peter Schober peter.schober at univie.ac.at
Fri Oct 4 08:09:31 EDT 2019


* Peter Schober <peter.schober at univie.ac.at> [2019-10-04 13:58]:
> Does anyone know whether the Okta SP (as used for Adobe Inc.) supports
> encryption?

At least some random documentation I found seems to suggest as much:
https://help.okta.com/en/prod/Content/Topics/Security/Identity_Providers.htm
"Configure Inbound SAML" -> "Overview" -> "Capabilities":
"Support for encrypted assertions".

Ibid.:

> *Encryption*
> 
> Inbound SAML transparently supports encrypted SAML assertions. The
> IdP can encrypt using the public certificate from Okta and any of
> the following XML encryption algorithms.

So it seems removing the use="signing" restriction on the
KeyDescriptor should work and all documentation suggesting to disable
encryption is wrong? Or is the documentation above wrong?

-peter
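
Added example, not part of the original message: a check of which uses each `KeyDescriptor` in an SP's SAML metadata covers, based on the SAML metadata rule that a `KeyDescriptor` without a `use` attribute applies to both signing and encryption. The entityID and certificate body are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed SP metadata; entityID and certificate content are placeholders.
SIGNING_ONLY = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://sp.example.org/saml">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# The same metadata with the use="signing" restriction removed.
UNRESTRICTED = SIGNING_ONLY.replace(' use="signing"', "")


def key_uses(metadata_xml):
    """Return one set of uses per KeyDescriptor found in SPSSODescriptor roles."""
    root = ET.fromstring(metadata_xml)
    uses = []
    for kd in root.findall(".//md:SPSSODescriptor/md:KeyDescriptor", NS):
        use = kd.get("use")
        if use is None:
            # No use attribute: the key applies to signing and encryption.
            uses.append({"signing", "encryption"})
        elif use in ("signing", "encryption"):
            uses.append({use})
        else:
            raise ValueError(f"unexpected KeyDescriptor use value: {use!r}")
    return uses


def has_encryption_key(metadata_xml):
    """True if the metadata offers at least one key usable for encryption."""
    return any("encryption" in u for u in key_uses(metadata_xml))


if __name__ == "__main__":
    for label, doc in (("signing only", SIGNING_ONLY), ("unrestricted", UNRESTRICTED)):
        print(f"{label}: encryption key available = {has_encryption_key(doc)}")
```

This only reports what the metadata advertises; whether the SP actually decrypts assertions is the open question in the message above.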

