Support SAML assertion encryption as SP #2378

@spwitt

Problem

As a SAML Service Provider (SP), FusionAuth does not support receiving encrypted SAML assertions from an external SAML IdP.

Solution

When FusionAuth is acting as the SAML SP:

  1. Allow configuring a key/certificate pair in Key Master. The private key will be used by FusionAuth for assertion decryption. The certificate will be shared with the SAML IdP for assertion encryption.
  2. Update SAML IdP configuration in FusionAuth to provide settings for SAML decryption as the SP.
  3. Use the configured private key to decrypt the encrypted SAML assertions.

Alternatives/workarounds

None.

Additional context

Split from

See also

Community guidelines

All issues filed in this repository must abide by the FusionAuth community guidelines.

How to vote

Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
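
A check an SP could run on an incoming SAML Response before it uses the configured private key, as an added example that is not part of the original issue and is not FusionAuth code. The function names, the `require_encryption` setting, the algorithm allowlists and the sample message are assumptions constructed for illustration; the algorithm URIs are the standard XML Encryption identifiers.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "xenc": XENC}
# Assumed SP policy, not FusionAuth's: AEAD for the assertion, OAEP for the key.
ALLOWED_DATA = {XENC11 + "aes128-gcm", XENC11 + "aes256-gcm"}
ALLOWED_KEY = {XENC + "rsa-oaep-mgf1p", XENC11 + "rsa-oaep"}

def algorithm(parent, path):
    """Return the Algorithm URI of the EncryptionMethod at path, or None."""
    method = parent.find(path, NS)
    return method.get("Algorithm") if method is not None else None

def check_response(xml_text, require_encryption=True):
    """Decide whether the SP should go on to decrypt: (accepted, reason)."""
    # The sample is constructed; parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    wrapper = root.find("saml:EncryptedAssertion", NS)
    if wrapper is None:
        if root.find("saml:Assertion", NS) is None:
            return (False, "no assertion")
        if require_encryption:
            return (False, "plaintext assertion")
        return (True, "plaintext assertion allowed")
    data_alg = algorithm(wrapper, "xenc:EncryptedData/xenc:EncryptionMethod")
    key_alg = algorithm(wrapper, ".//xenc:EncryptedKey/xenc:EncryptionMethod")
    if data_alg not in ALLOWED_DATA:
        return (False, "data algorithm not allowed: %s" % data_alg)
    if key_alg not in ALLOWED_KEY:
        return (False, "key transport not allowed: %s" % key_alg)
    return (True, "encrypted assertion, ready to decrypt")

def sample_response(data_alg=None, key_alg=None):
    """Constructed SAML Response; the ciphertext is a placeholder."""
    body = '<saml:Assertion ID="_constructed"/>'
    if data_alg:
        body = ('<saml:EncryptedAssertion><xenc:EncryptedData>'
                '<xenc:EncryptionMethod Algorithm="%s"/>'
                '<ds:KeyInfo><xenc:EncryptedKey>'
                '<xenc:EncryptionMethod Algorithm="%s"/>'
                '</xenc:EncryptedKey></ds:KeyInfo>'
                '<xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue>'
                '</xenc:CipherData></xenc:EncryptedData>'
                '</saml:EncryptedAssertion>') % (data_alg, key_alg)
    return ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:xenc="%s" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
            '%s</samlp:Response>') % (XENC, body)
```

With `require_encryption` on, a response carrying a plaintext `Assertion` is rejected, so an IdP that stops encrypting cannot silently downgrade the exchange.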

Labels

enhancement: New feature or request

Status

Delivered
