简体繁体中英

Azure AD - Where to add the public key certificate from the Service Provider to encrypt the SAML assertion

原文 2022-01-25 02:42:03 1 1 azure-active-directory/ saml/ arcgis-online

I have been given a Public Key Certificate by the Service Provider (ArcGIS Online) which I want to use to encrypt the assertion sent from Azure AD (IdP).

Do I import the certificate (with KeyDescriptor="encryption") under Single Sign On > SAML Signing Certificate

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/certificate-signing-options

Or under Token Encryption

https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/howto-saml-token-encryption

The SAML Signing Certificate page has the option to "Encrypt assertion", but the help page for Token Encryption suggests that this is the place to import a certificate to encrypt an assertion. Please explain the difference between the two locations where certificates can be imported.

1 answers

You add it to token encryption.

Azure AD uses its own certificate to sign the token. There are different ways to sign the token as per the article.

You should have been given a.cer file. This is the public key used to encrypt the assertions ie the claims.

The SP (application) uses the private key to de-encrypt.

So the token is signed by the AAD certificate but the assertions within the token are encrypted by the encryption certificate.

Adding custom claims on Azure AD SAML SSO at Service Provider (SP)

Azure AD Verifiable Credential from where i can get public key private key values?

Azure AD as SAML Id Provider - How and where to set SP unique identifier

Does the Windows Azure AD SAML integration with Salesforce support Service Provider-initiated SSO?

Implement an SSO Service Provider for my SAAS application and integrate with Azure AD SAML

Invalid Base64 SAML Assertion from OAuth on-behalf-of flow in Azure AD

Can we configure groups in Azure AD SAML Assertion

How to add ForceAuthn optional SAML attribute in SAML request of service provider(slack,zoom). I use Azure active director as Identity Provider

Is is possible to use Azure AD as a SAML compliant Identity Provider?

Azure AD SAML using Common Certificate instead of app specific

暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Adding custom claims on Azure AD SAML SSO at Service Provider (SP) Azure AD Verifiable Credential from where i can get public key private key values? Azure AD as SAML Id Provider - How and where to set SP unique identifier Does the Windows Azure AD SAML integration with Salesforce support Service Provider-initiated SSO? Implement an SSO Service Provider for my SAAS application and integrate with Azure AD SAML Invalid Base64 SAML Assertion from OAuth on-behalf-of flow in Azure AD Can we configure groups in Azure AD SAML Assertion How to add ForceAuthn optional SAML attribute in SAML request of service provider(slack,zoom). I use Azure active director as Identity Provider Is is possible to use Azure AD as a SAML compliant Identity Provider? Azure AD SAML using Common Certificate instead of app specific

Related Tags

Azure AD - Where to add the public key certificate from the Service Provider to encrypt the SAML assertion

Question

1 answers

solution1 0 2022-01-25 05:33:24

solution1
0 2022-01-25 05:33:24