Configure Encryption Settings
The SAML Protocol Request Wizard and require you to configure encryption settings. These settings specify the encryption method to use, the recipient X.509 certificate, plus other advanced settings.
The (Non-SOAP) Encrypt XML Element Assertion require you to configure encryption settings. These settings specify the encryption method to use, the recipient X.509 certificate, plus other advanced settings.
General: Configuring encryption settings
Advanced: Configuring encryption settings
Configure the settings as follows:
Choose the encryption method to use from the drop-down list. If unsure, use the default method shown.
Recipient X.509 Certificate
Indicate how the
Recipient X.509 Certificateshould be obtained:
Add EncryptedData Type Attribute
Select this check box to specify a Type attribute to be included in the
xenc:EncryptedDataelement. Enter a valid URI for the Type attribute. You may specify a context variable. The default is
The assertion will fail if the value at runtime fails to resolve to a valid URI.
Add Recipient Attribute
Select this check box to enter a Recipient attribute that will be included in the
xenc:EncryptedKeyelement. You may specify a context variable.
If the value resolves to an empty value during runtime, this will result in an attribute with an empty value.
Encrypt Only Element Contents
(available only from the (Non-SOAP) Encrypt XML?Element assertion)
Select this check box to encrypt only the contents of matching elements. The open and close tags, as well as any attributes, are left unencrypted.
Clear this check box to encrypt matching elements, tags, and attributes.
Select this check box to instruct the assertion to use the RSA-OAEP algorithm to sign the SAML token. For more information, see http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p.
Clear this check box to use the RSA 1.5 algorithm, which was used in pre-v8.0
API Gateway. This setting is the default for policies created in versions prior to version 8.0.