SECURING


Generating a certificate to encrypt SAML assertions

Your organization may require SAML assertions to be encrypted if assertions include attributes that contain sensitive personal data, for example, social security numbers. Domino® encrypts entire SAML assertions; partial encryption of specific attributes is not available.

About this task

To encrypt SAML assertions, you must import the internet certificate for Domino in the server.id file. This step can be done automatically through the IdP configuration document. The automatic method is the easiest, but it is not always possible to use it. You must generate the certificate manually if any of the following conditions are true:


Note: You can create an Internet certificate by other methods, for example using the Domino certificate authority (CA), as long as the Internet certificate key usage allows for signing.

Note: Complete this procedure before you export an IdP configuration toServiceProvider.xml. That way,ServiceProvider.xml contains the certificate and it will be imported into your IdP with the other Domino configuration information.


Parent topic: Using Security Assertion Markup Language (SAML) to configure federated-identity authentication