Symantec Access Management

Hi,Can any one shed some light on these, how this signature and encryption works?

On sp, signature:

1.Signing Private Key Alias-- it using sp cert

2.Verification Certificate Alias..this using idp certs

Encryption:

Encryption Certificate Alias--idp cert

Decryption Private Key Alias..sp cert

on IDP, Signature:

Verification Certificate Alias--idp cert

Signing Private Key Alias--sp cert

Encryption:

Encryption Certificate Alias--sp cert

Decryption Private Key Alias--idp cert

Thanks,

Hi sreev,

Signature and Encryption are many times confusing indeed,

because both use certificates and keys and both are related

to Assertions.

In a Federation journey, usually we "sign" and "encrypt"

the Assertion for 2 goals :

  - to guarantee that this XML document hasn't been modified

    when it arrives at the SP side;

  - to guarantee that this XML document is kept readable "only" for

    the SP side;

The Signature makes the Assertion XML document

not modifiable by a third party. That's why the one party

will sign it and the other party will verify the signature,

to confirm the integrity of the XML document.

The Encryption makes parts of the Assertion XML Document

readable only for the SP side. To read it, the SP side needs

to decrypt it.

So for a given Assertion XML document, you can sign or

encrypt it, or do both at the same time.

The Certificate used for encryption at the IDP side

should be set in the SP side in order to make the SP

able to decrypt the Assertion. The same occurs for the

signature process.

I hope that helps to understand how signature and encryption

work.

Best Regards,

Patrick

Still not clear Patrick,

As I understood

IDP/SP

Signing Private Key Alias..idp cert-->this will sign  and it encrypt using Encryption Certificate Alias--idp cert

when it receives request it uses Verification Certificate Alias key--sp cert and it decrypt using Decryption Private Key Alias..sp cert

If I am wrong please put me in right path.

Thanks,