Your organization may require SAML assertions to be encrypted if assertions include attributes that contain sensitive personal data, for example, social security numbers. Domino® encrypts entire SAML assertions; partial encryption of specific attributes is not available.

About this task

To encrypt SAML assertions, you must import the internet certificate for Domino in the server.id file. This step can be done automatically through the IdP configuration document. The automatic method is the easiest, but it is not always possible to use it. You must generate the certificate manually if any of the following conditions are true:

• The server ID file of the Domino server is password protected.
• You want to re-use an Internet certificate that already exists in the server ID file.
• Signer of the IdP Catalog is not listed (or does not belong to a group) in the Server document, in Full Access Administrators >Administrators >Sign or run unrestricted methods and operations.

Note: Complete this procedure before you export an IdP configuration toidp.xml. That way, idp.xml contains the certificate and it will be imported into your IdP with the other Domino configuration information.

Automatically generating a certificate to encrypt SAML assertions
You can generate a certificate to use to encrypt SAML assertions automatically from an IdP configuration document.

Manually generating a certificate to encrypt SAML assertions
If the Dominoserver.id file has a password, you as the administrator must create the SAML metadata file and the certificate file manually; the Create SP Certificatebutton in the IdP Catalog application cannot be used. You must also create the metadata file manually if you intend to verify SAML assertions using an Internet certificate that already exists in the server ID file.

Help on Help

All Help Contents

Help on Help