You are using an unsupported browser. Please update your browser to the latest version on or before July 31, 2020.
Encrypting SAML assertions in SSO
print icon

Enabling encryption of SAML assertions adds an extra layer of security to your Single Sign On (SSO) authentication. Encrypting the SAML assertion is optional. This functionality is available only to Custom SAML SSO configuration.


Steps to configure encrypted SAML Assertions:

  • Visit Apps >> Single Sign-On >> Custom SAML Method >> Manage.
  • Scroll to the "Advanced SAML Settings" section.
  • Turn ON the "Enable encrypted SAML Assertions" toggle.

  • Enter the "Assertion Encryption Key".

    • Obtain this private key from your IdP or generate it on your own.

    • Supported Algorithms:

      • Encryption Algorithm: AES256-CBC, AES128-CBC

      • Key Transport Algorithm: RSA-OAEP, RSA-1.5

  • Click "Save".


Procedure to generate self-signed SSL certificate:
  • Prerequisite: OpenSSL is an open source implementation of the SSL and TLS protocols. It provides the transport layer security over the normal communications layer, allowing it to be intertwined with many network applications and services.
  1. Command: openssl req -newkey rsa:2048 -nodes -keyout private_key.pem -x509 -out certificate.pem
  1. Answer below question that appears in prompt:
  1. Common Name: The fully-qualified domain name.
  2. Organization: The legally-registered name for your business.
  3. Organization Unit: If applicable, enter the DBA (doing business as) name.
  4. City or Locality: Name of the city where your organization is registered/located.
  5. State or Province: Name of the state or province where your organization is located.
  6. Country: The two-letter code of the country, where your organization is legally registered.
  1. Command: openssl x509 -in certificate.pem -pubkey -noout > public_key.pem
Note: Above commands will generate following 3 files
  1. private_key.pem --> Content of this file has to be used in Happyfox -> SAML Configuration’s -> Assertion Encryption Key(Textarea Field).
  2. certificate.pem --> Should be used in Idp to perform/generate encrypted assertion.
  3. public_key.pem --> If Applicable, Should be used in Idp to perform/generate encrypted assertion.


2 out of 2 found this helpful

scroll to top icon