sam360

Reputation: 1131

ComponentSpace SAML SSO and Decrypt Assertion without Private Key

We are using the low-level ComponentSpace SAML 2.0 implementation. When trying to read the encrypted assertions while passing the X.509 certificate file, ComponentSpace can only decrypt when the private key is present in the file.

In many cases the SAML SSO IdP does not include the private key in the cert file. Is there any other way to decrypt the assertions?

XmlElement decryptedElement = encryptedAssertion.DecryptToXml(x509Certificate);

Upvotes: 0

Views: 1351

Answers (1)

ComponentSpace

Reputation: 1367

The identity provider encrypts a SAML assertion using the service provider's public key. The service provider decrypts the encrypted assertion using the service provider's private key. The SAML assertion should never be encrypted using the identity provider's public key. You should never need the private key of a 3rd party and you should never supply your private key to a 3rd party. You only ever exchange public keys.

You should supply your public key (e.g. the sp.cer file) to the identity provider.

You should decrypt the SAML assertion using your private key (e.g. sp.pfx).

Upvotes: 3
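The key handling described in the answer, as an added example that is not from the question, the answer, or ComponentSpace's own samples. It assumes the ComponentSpace `EncryptedAssertion` type behind the question's `DecryptToXml` call (namespace assumed), and the file names sp.pfx and sp.cer from the answer; it checks `HasPrivateKey` up front so a public-only .cer fails with a clear message instead of a decryption error.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using ComponentSpace.SAML2.Assertions; // assumed namespace for EncryptedAssertion

static class SpKeyHandling
{
    // Load the service provider's own key pair (sp.pfx). Exportable so the public half
    // can be written out for the identity provider; the private half never leaves the SP.
    public static X509Certificate2 LoadSpKeyPair(string pfxPath, string password)
    {
        var cert = new X509Certificate2(pfxPath, password, X509KeyStorageFlags.Exportable);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                $"{pfxPath} contains no private key; the SP cannot decrypt assertions without it.");
        return cert;
    }

    // Write only the public certificate (sp.cer) to hand to the identity provider.
    // X509ContentType.Cert exports the certificate without the private key.
    public static void ExportPublicCertForIdp(X509Certificate2 spCert, string cerPath)
    {
        File.WriteAllBytes(cerPath, spCert.Export(X509ContentType.Cert));
    }

    // Decrypt with the SP private key. Passing a certificate loaded from sp.cer (public only)
    // is the failure mode in the question, so it is rejected before calling the library.
    public static XmlElement DecryptAssertion(EncryptedAssertion encryptedAssertion, X509Certificate2 spCert)
    {
        if (!spCert.HasPrivateKey)
            throw new ArgumentException(
                "Decryption needs the SP private key (sp.pfx); sp.cer holds only the public key.");
        return encryptedAssertion.DecryptToXml(spCert);
    }

    // Typical SP-side flow: export the public cert once for the IdP, decrypt with the pair.
    public static XmlElement Example(EncryptedAssertion encryptedAssertion)
    {
        var spCert = LoadSpKeyPair("sp.pfx", "pfx-password");   // placeholder password
        ExportPublicCertForIdp(spCert, "sp.cer");
        return DecryptAssertion(encryptedAssertion, spCert);
    }
}
```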
