It is not a must to use the same public key for both SAML Response signing
and Assertion encryption. In the service provider metadata file,
the KeyDescriptor tag is as follows.
<md:KeyDescriptor use="signing">
<md:KeyDescriptor use="encryption">
But currently when setting a SAML service provider, we use the same public
key of the service provider for both response signing and assertion
encryption. IMO this is a good improvement to introduce with the metadata
profile implementation.
--
Hareendra Chamara Philips
*Software Engineer*
Mobile : +94 (0) 767 184161
[email protected]
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
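The point raised above is that SP metadata can advertise one certificate under KeyDescriptor use="signing" and a different one under use="encryption", and an IdP should pick the key by purpose rather than reuse one key for both. The following Python snippet is an added illustration of that selection, not code from this thread or from WSO2; the metadata document, the entity ID and the certificate values are constructed placeholders. It also handles the caveat from the SAML 2.0 metadata specification that a KeyDescriptor with no use attribute applies to both purposes.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample SP metadata (hypothetical entity, placeholder certificates):
# separate keys for response signing and assertion encryption.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER_SIGNING_CERT_BASE64</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER_ENCRYPTION_CERT_BASE64</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed variant: one KeyDescriptor without a use attribute, which per the
# SAML 2.0 metadata spec means the key serves both signing and encryption.
SAMPLE_SP_METADATA_SINGLE_KEY = SAMPLE_SP_METADATA.replace(
    '<md:KeyDescriptor use="signing">', "<md:KeyDescriptor>"
).replace(
    '<md:KeyDescriptor use="encryption">', "<md:KeyDescriptor>"
).replace("PLACEHOLDER_ENCRYPTION_CERT_BASE64", "PLACEHOLDER_SIGNING_CERT_BASE64")


def sp_certificates(metadata_xml: str) -> dict:
    """Collect base64 X509Certificate values from SP metadata, keyed by purpose.

    Returns {"signing": [...], "encryption": [...]}. A KeyDescriptor whose
    use attribute is absent is listed under both purposes; an unknown value
    is rejected rather than silently treated as either.
    """
    root = ET.fromstring(metadata_xml)
    certs = {"signing": [], "encryption": []}
    for kd in root.iter(f"{{{MD_NS}}}KeyDescriptor"):
        use = kd.get("use")
        if use is None:
            purposes = list(certs)
        elif use in certs:
            purposes = [use]
        else:
            raise ValueError(f"unexpected KeyDescriptor use={use!r}")
        for cert_el in kd.iter(f"{{{DS_NS}}}X509Certificate"):
            # Base64 in metadata is often wrapped; normalise away the whitespace.
            value = "".join((cert_el.text or "").split())
            for purpose in purposes:
                certs[purpose].append(value)
    return certs


def select_certificate(metadata_xml: str, purpose: str) -> str:
    """Pick the first certificate advertised for 'signing' or 'encryption'."""
    candidates = sp_certificates(metadata_xml)[purpose]
    if not candidates:
        raise ValueError(f"SP metadata advertises no {purpose} key")
    return candidates[0]


def uses_separate_keys(metadata_xml: str) -> bool:
    """True when the SP's signing and encryption key sets do not overlap."""
    certs = sp_certificates(metadata_xml)
    return not set(certs["signing"]) & set(certs["encryption"])


if __name__ == "__main__":
    for label, doc in (("two keys", SAMPLE_SP_METADATA),
                       ("one key", SAMPLE_SP_METADATA_SINGLE_KEY)):
        print(label, "signing:", select_certificate(doc, "signing"))
        print(label, "encryption:", select_certificate(doc, "encryption"))
        print(label, "separate keys:", uses_separate_keys(doc))
```

In production the metadata should be parsed with a hardened XML parser (for example defusedxml) and the certificate used for signature verification should be the one under use="signing" only; an IdP that encrypts the assertion to the signing certificate when a distinct encryption certificate is published will produce assertions the SP cannot decrypt.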