Forum Discussion
NimbostratusError Encrypting a SAML Assertion from APM
Certificates in question are used for a symmetric key transport when assertion (or parts of it) needs to be encrypted by APM as IdP.
According to SAML 2.0 specification, or more precisely xmlenc-core (https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/), there are only two algorithms that can be used for key transport:
Key Transport REQUIRED RSA-v1.5 http://www.w3.org/2001/04/xmlencrsa-1_5 REQUIRED RSA-OAEP http://www.w3.org/2001/04/xmlencrsa-oaep-mgf1p
With later RSA-OAEP algorithm not recommended to be used due to potential security implications!
Therefore, according to SAML specification, DSA certificates are not allowed to be used for encryption.
AltocumulusCertificates in question are used for a symmetric key transport when assertion (or parts of it) needs to be encrypted by APM as IdP.
According to SAML 2.0 specification, or more precisely xmlenc-core (https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/), there are only two algorithms that can be used for key transport:
Key Transport REQUIRED RSA-v1.5 http://www.w3.org/2001/04/xmlencrsa-1_5 REQUIRED RSA-OAEP http://www.w3.org/2001/04/xmlencrsa-oaep-mgf1p
With later RSA-OAEP algorithm not recommended to be used due to potential security implications!
Therefore, according to SAML specification, DSA certificates are not allowed to be used for encryption.
NimbostratusPerfect thanks Sergei! This is along the lines of what I was thinking must be hapening. I will change them to RSA.
