This repository was archived by the owner on Jan 9, 2025. It is now read-only.
Proxy announcing enc cert in md to IDP #8
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Problem: The Proxy announces an encryption certificate to the IDP. When the assertion is encrypted by the iDP based on the metadata then, the proxy cannot access the NameID.
The proxy should in theory be able to decrypt the assertion containing only the NameID; However, it might not know which of the 2 assertions to choose. OTOH there is no point in encrypting the NameID-assertion. Therefore it should be sufficient to have only a use="sign" certificate in the proxy metadata.
The text was updated successfully, but these errors were encountered: