mace-opensaml-users - Re: [OpenSAML] [OpenSAML2] Encryption for SAML1.1 assertions

Subject: OpenSAML user discussion

List archive

Re: [OpenSAML] [OpenSAML2] Encryption for SAML1.1 assertions

From: Nate Klingenstein <>
To:
Subject: Re: [OpenSAML] [OpenSAML2] Encryption for SAML1.1 assertions
Date: Fri, 7 Nov 2008 03:07:17 +0000

Vishwajit,

Unfortunately, or maybe lucky for you, SAML 1.1 doesn't support encryption of assertions.

http://en.wikipedia.org/wiki/SAML#SAML_building_blocks

Take care,

Nate.

On 7 Nov 2008, at 02:54, Pantvaidya, Vishwajit wrote:

Does the SAML1.1 spec support encryption of assertions – I mean as an implementer of the browser post profile on the service provider (relying party) side, do I need to be prepared to receive encrypted assertions? I could not see anything specific on this in the core spec or in the security considerations. Also I do see that the SAML2 classes in OpenSAML2 have the EncryptedAssertion type. But I could not find the SAML1 counterpart of that.

[OpenSAML2] Encryption for SAML1.1 assertions, Pantvaidya, Vishwajit, 11/06/2008
- Re: [OpenSAML] [OpenSAML2] Encryption for SAML1.1 assertions, Nate Klingenstein, 11/06/2008
  - RE: [OpenSAML] [OpenSAML2] Encryption for SAML1.1 assertions, Pantvaidya, Vishwajit, 11/06/2008

List archive

Re: [OpenSAML] [OpenSAML2] Encryption for SAML1.1 assertions