Hi sreev,
Signature and Encryption are many times confusing indeed, because both use certificates and keys and both are related to Assertions.

In a Federation journey, we usually "sign" and "encrypt" the Assertion for 2 goals:
- to guarantee that this XML document hasn't been modified when it arrives at the SP side;
- to guarantee that this XML document is kept readable "only" for the SP side.

The Signature makes the Assertion XML document not modifiable by a third party. That's why one party will sign it and the other party will verify the signature, to confirm the integrity of the XML document.

The Encryption makes parts of the Assertion XML document readable only for the SP side. To read it, the SP side needs to decrypt it.

So for a given Assertion XML document, you can sign or encrypt it, or do both at the same time.

The Certificate used for encryption at the IDP side should be set in the SP side in order to make the SP able to decrypt the Assertion. The same occurs for the signature process.

I hope that helps you understand how signature and encryption work.
Best Regards,
Patrick
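As an added illustration (editor's own code, not from Patrick's reply or any product mentioned in the thread), the following Python model shows the key placement the reply describes: the IdP signs with its private key and the SP verifies with the IdP's public key (the IdP's signing certificate in metadata); the IdP encrypts with the SP's public key (the SP's encryption certificate in metadata) and only the SP's private key can decrypt. It assumes the `cryptography` package is installed. The function names, the sample assertion and the "other SP" third party are constructed for the example. Real SAML uses XML-DSig and XML-Enc (canonicalised XML, `<ds:Signature>` and `<xenc:EncryptedData>` elements); here the assertion is treated as opaque bytes so the roles stay visible.

```python
"""Toy model of signing and encrypting a federation assertion.

Added example, not code from the thread. Assumes `cryptography` is installed.
Simplification: the assertion is signed/encrypted as raw bytes instead of
canonicalised XML with XML-DSig / XML-Enc structures.
"""
import secrets
import xml.etree.ElementTree as ET

from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)


def new_keypair():
    # One key pair per party. The private half never leaves that party;
    # only the public half (as a certificate) is exchanged in metadata.
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def build_assertion(subject: str, issuer: str) -> bytes:
    # Constructed sample assertion, not a real SAML document.
    root = ET.Element("Assertion", {"Issuer": issuer})
    ET.SubElement(root, "Subject").text = subject
    ET.SubElement(root, "Attribute", {"Name": "role"}).text = "user"
    return ET.tostring(root)


# Integrity: the IdP signs with ITS private key; the SP verifies with the
# IdP's public key (the IdP signing certificate configured at the SP).
def idp_sign(assertion: bytes, idp_private) -> bytes:
    return idp_private.sign(assertion, padding.PKCS1v15(), hashes.SHA256())


def sp_verify(assertion: bytes, signature: bytes, idp_public) -> bool:
    try:
        idp_public.verify(signature, assertion, padding.PKCS1v15(), hashes.SHA256())
        return True
    except InvalidSignature:
        return False


# Confidentiality: the IdP encrypts with the SP's PUBLIC key (the SP
# encryption certificate configured at the IdP); only the SP's private key
# can unwrap the data key.
def idp_encrypt_for_sp(assertion: bytes, sp_public) -> dict:
    # Hybrid scheme as in XML-Enc: fresh AES key for the data,
    # RSA-OAEP wraps that key for the intended recipient.
    data_key = AESGCM.generate_key(bit_length=256)
    nonce = secrets.token_bytes(12)
    ciphertext = AESGCM(data_key).encrypt(nonce, assertion, None)
    wrapped_key = sp_public.encrypt(data_key, OAEP)
    return {"wrapped_key": wrapped_key, "nonce": nonce, "ciphertext": ciphertext}


def sp_decrypt(blob: dict, sp_private):
    # Returns the plaintext, or None when this private key cannot unwrap it.
    try:
        data_key = sp_private.decrypt(blob["wrapped_key"], OAEP)
        return AESGCM(data_key).decrypt(blob["nonce"], blob["ciphertext"], None)
    except (ValueError, InvalidTag):
        return None


def run_federation_exchange() -> dict:
    idp_key, sp_key = new_keypair(), new_keypair()
    other_sp_key = new_keypair()  # a third party that must not be able to read it

    assertion = build_assertion("alice@example.org", "https://idp.example.org")
    signature = idp_sign(assertion, idp_key)
    blob = idp_encrypt_for_sp(assertion, sp_key.public_key())

    # A modification in transit must break the signature check at the SP.
    tampered = assertion.replace(b">user<", b">admin<")
    return {
        "valid_signature": sp_verify(assertion, signature, idp_key.public_key()),
        "tampered_detected": not sp_verify(tampered, signature, idp_key.public_key()),
        "sp_can_read": sp_decrypt(blob, sp_key) == assertion,
        "third_party_can_read": sp_decrypt(blob, other_sp_key) is not None,
    }


if __name__ == "__main__":
    print(run_federation_exchange())
```

The point to take from the model is which key lives where: the SP only ever holds the IdP's signing certificate (for verification) and its own encryption private key (for decryption); the IdP holds its own signing private key and the SP's encryption certificate. Verification with the wrong certificate, or decryption with the wrong private key, simply fails.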