SECURING
Your organization may require SAML assertions to be encrypted if assertions include attributes that contain sensitive personal data, for example, social security numbers. Domino® encrypts entire SAML assertions; partial encryption of specific attributes is not available.
About this task
To encrypt SAML assertions, you must import the internet certificate for Domino in the server.id file. This step can be done automatically through the IdP configuration document. The automatic method is the easiest, but it is not always possible to use it. You must generate the certificate manually if any of the following conditions are true:
Note: Complete this procedure before you export an IdP configuration toServiceProvider.xml. That way,ServiceProvider.xml contains the certificate and it will be imported into your IdP with the other Domino configuration information.
Manually generating a certificate to encrypt SAML assertions If the Dominoserver.id file has a password, you as the administrator must create the SAML metadata file and the certificate file manually; the Create SP Certificatebutton in the IdP Catalog application cannot be used. You must also create the metadata file manually if you intend to verify SAML assertions using an Internet certificate that already exists in the server ID file.