Henoc Díaz

Reputation: 43

Does Google Identity Platform support encrypted SAML assertion?

We're using Google Identity Platform (Firebase Authentication ft. Google Identity Toolkit) as IDaaS, mainly for SAML 2.0.

When an IdP returns an encrypted SAML response assertion, Identity Toolkit throws the following error: INVALID_IDP_RESPONSE has no assertions, but if assertions are not encrypted, everything seems to work fine.

So does Google Identity Platform support encrypted assertions in the SAMLResponse? I couldn't find anything in the documentation about whether it's supported or not.

Upvotes: 1

Views: 1226

Answers (1)

bojeil

Reputation: 30788

Google Identity Platform does not support encrypted assertions in SAML responses. You can confirm this from the REST API for configuring SAML providers. Notice they don't provide a public key for IdP encryption (normally for encrypted SAML, the SP would generate an asymmetric key pair; they would keep the private key and you would configure the public key for encryption with your IdP).

Upvotes: 3
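
To check whether an IdP is actually sending encrypted assertions, the case discussed in the question and answer above, this added example (not part of the original posts and not Google's code) decodes an HTTP-POST SAMLResponse value and counts Assertion versus EncryptedAssertion elements. The function names and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
XENC = "http://www.w3.org/2001/04/xmlenc#"


def classify_saml_response(b64_response: str) -> dict:
    """Hypothetical helper: count plaintext vs. encrypted assertions in a
    base64 SAMLResponse form value (HTTP-POST binding)."""
    # Form-posted values are often line-wrapped; drop whitespace first.
    xml_bytes = base64.b64decode("".join(b64_response.split()), validate=True)
    # Crude guard: a SAML response needs no DTD, so refuse any declaration.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError(f"not a SAML 2.0 Response: {root.tag}")
    # Assertions are direct children of <samlp:Response>.
    plain = len(root.findall(f"{{{SAML}}}Assertion"))
    encrypted = len(root.findall(f"{{{SAML}}}EncryptedAssertion"))
    if plain and encrypted:
        verdict = "mixed"
    elif encrypted:
        verdict = "encrypted"
    elif plain:
        verdict = "plaintext"
    else:
        verdict = "none"
    return {"plain": plain, "encrypted": encrypted, "verdict": verdict}


def make_sample(inner_xml: str) -> str:
    """Build a constructed, unsigned Response around inner_xml (test data only)."""
    doc = (f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_constructed" Version="2.0">{inner_xml}</samlp:Response>')
    return base64.b64encode(doc.encode()).decode()


# Constructed samples: one plaintext assertion, one encrypted assertion.
PLAIN_SAMPLE = make_sample('<saml:Assertion ID="_a1" Version="2.0"/>')
ENCRYPTED_SAMPLE = make_sample(
    f'<saml:EncryptedAssertion><xenc:EncryptedData xmlns:xenc="{XENC}"/>'
    '</saml:EncryptedAssertion>')

if __name__ == "__main__":
    for name, sample in (("plain", PLAIN_SAMPLE), ("encrypted", ENCRYPTED_SAMPLE)):
        print(name, classify_saml_response(sample))
```

A verdict of "encrypted" points at the IdP's assertion-encryption setting for this SP, since the answer states the platform exposes no encryption key to configure.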
