Signing SAML responses using Secure Access Cloud

Article ID: 240633

Products

Symantec ZTNA

Issue/Introduction

As an IdP administrator, I would like to use a third-party IdP such as Okta, PingID, etc. and would like Secure Access Cloud to sign SAML responses.

Environment

Third-Party Identity Provider

Secure Access Cloud (Service Provider)

Resolution

If Secure Access Cloud (SAC) is the SAML service provider, all SAML responses from your IdP should be signed so that SAC can verify they have not been tampered with by an unauthorized third party.

You will need to configure SAC to validate the signatures on these responses by obtaining the signing certificate from the IdP and loading that certificate into your SAC IdP configuration.

To do this, follow the steps in the SAC Techdoc "Integrate a Generic SAML IdP"; refer to step 18.

This allows SAC to accept a signed assertion, a signed response, or both. Note that this covers signing only, not encryption.

Note: Encryption of SAML responses is currently not supported.
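Before loading the certificate into SAC, an administrator can sanity-check a SAML response captured from the IdP (for example with a browser SAML tracer): which of the Response and Assertion elements carry a signature, whether an EncryptedAssertion is present (which SAC will not accept), and whether the certificate embedded in the signature matches the one about to be configured. This is an added example, not Symantec's code; the IdP URL, IDs and certificate bytes are constructed placeholders, and it checks structure and certificate identity only, not the cryptographic validity of the signature (SAC performs that validation).

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder: base64 of arbitrary bytes, NOT a real DER certificate.
CONSTRUCTED_CERT = base64.b64encode(b"constructed placeholder, not a real cert").decode()

# Constructed sample: the assertion is signed, the Response element itself is not, no encryption.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <saml:Assertion ID="_assert1" Version="2.0">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <ds:Signature>
      <ds:SignedInfo/><ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{CONSTRUCTED_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
    <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""


def fingerprint(cert_b64: str) -> str:
    """SHA-256 fingerprint (hex) of a base64 / PEM-body certificate, whitespace ignored."""
    return hashlib.sha256(base64.b64decode("".join(cert_b64.split()))).hexdigest()


def inspect_response(xml_text: str, configured_cert_b64: str) -> dict:
    """Report which SAML elements are signed and whether the embedded signing cert matches."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    assertion = root.find("saml:Assertion", NS)
    result = {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None and assertion.find("ds:Signature", NS) is not None,
        # SAC does not support encrypted responses, so this must be False for SAC to accept it.
        "encrypted_assertion": root.find("saml:EncryptedAssertion", NS) is not None,
    }
    # Compare every certificate embedded in a signature against the one to be configured in SAC.
    embedded = [c.text for c in root.iter("{%s}X509Certificate" % NS["ds"]) if c.text]
    want = fingerprint(configured_cert_b64)
    result["cert_matches_configured"] = any(fingerprint(c) == want for c in embedded)
    result["ok"] = ((result["response_signed"] or result["assertion_signed"])
                    and result["cert_matches_configured"] and not result["encrypted_assertion"])
    return result
```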