Disable assertion encryption

Many third-party SAML SP products do not support encrypted assertions. For example ComponentSpace, Weblogic Server 11g.

How can I disable encryption of assertions?

Step-by-step guide

By default, the assertions created by Ubisecure SSO are encrypted. To disable assertion encryption, modify the third-party SP metadata before import to Ubisecure SSO. Consider security risks carefully before making these changes.

1. Edit the SP metadata. Add use="signing" to the XML element KeyDescriptor. e.g. <md:KeyDescriptor use="signing">
2. Activate the SP again using the Ubisecure SSO Management application

Related articles

• Page:
  Get roles from both CustomerID and SAML federation using authorization policy
• Page:
  How to log and trace OAuth2 and OpenID Connect HTTP messages
• Page:
  Disable assertion encryption
• Page:
  Passwordless login methods
• Page:
  Change the hostname of a CustomerID installation