auth0/node-samlp

SAML Response encryption - setting encryptionCert and encryptionPublicKey is not working

yesvivek opened this issue · 5 comments

I tried setting encryptionCert and encryptionPublicKey options when creating samlp.auth() but it just prints [object Object] in console and browser.
I have created the certificate and key using

openssl req -newkey rsa:2048 -nodes -keyout enc.key -x509 -days 365 -out enc.crt

What am I doing wrong? Please help!

@mcastany , could you let me know whether encryption of SAML-Response is supported and expected to work?

Yes, it's supported:

const fs = require('fs');
const samlp = require('samlp');

samlp.auth({
  // ...
  encryptionPublicKey: fs.readFileSync(__dirname + '/your_rsa.pub'), // a valid RSA public key
  encryptionCert: fs.readFileSync(__dirname + '/your_public_cert.pem') // a valid x509 certificate encoded as PEM
})

Awesome, this is helpful 👍 Thanks @siacomuzzi

@siacomuzzi I'm trying to implement an IdP using this library. My understanding is that encryptionPublicKey is the SP's public key which is used to encrypt the request, so that only the SP could decrypt it using its private key.
Is that true?
Also, what is the purpose of encryptionCert? Thanks!

  • encryptionPublicKey: RSA public key used by the SAML IdP to encrypt the SAMLResponse
  • encryptionCert: an x509 certificate encoded as PEM, which the SAML IdP embeds in the SAMLResponse (inside the <X509Data><X509Certificate> node)
app.get('/samlp', samlp.auth({
  encryptionPublicKey: fs.readFileSync(__dirname + '/idp_encrypt_rsa.pub'), // '-----BEGIN PUBLIC KEY-----',
  encryptionCert: fs.readFileSync(__dirname + '/idp_encrypt_public_cert.pem'), // '-----BEGIN CERTIFICATE-----',
  // ...
}));

Unfortunately, this module does not support encrypted SAMLRequests yet. Could you please explain your requirements to me? A SAMLRequest usually doesn't contain much private data, so there is little need to encrypt the request itself.