OpenConext / Mujina

A mock IDP and SP using the OpenSAML library
Apache License 2.0

How do I enable encryption for the SAML Assertion #74

Open linuzilla opened 3 years ago

linuzilla commented 3 years ago

I use Mujina to serve as IDP, but the SP requires encryption for the SAML assertion. The metadata of the SP contains "encryption":

<md:KeyDescriptor use="encryption"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>
MIIEAzCCAuugAwIBAgIUI4qKN939RQDNUu/xfdzQXYmMfuowDQYJKoZIhvcNAQELBQAwgZAxCzAJ
BgNVBAYTAlRXMQ8wDQYDVQQIDAZUYWl3YW4xETAPBgNVBAcMCFRhbyBZdWFuMSQwIgYDVQQKDBtO
...

Will it possibly work with Mujina IDP? And what should I do to make it work?

thijskh commented 3 years ago

The Mujina IdP does not support encrypted assertions. You may provide a pull request to support it. I’m however not sure if the underlying library we use supports encryption. But you could find that out.