CA API Gateway 9.1

9.4 9.1

Configure Encryption Settings

The SAML Protocol Request Wizard and  require you to configure encryption settings. These settings specify the encryption method to use, the recipient X.509 certificate, plus other advanced settings.
gateway83
The SAML Protocol Request Wizard and (Non-SOAP) Encrypt XML Element Assertion require you to configure encryption settings. These settings specify the encryption method to use, the recipient X.509 certificate, plus other advanced settings.
General: Configuring encryption settings
 Encryption_Settings_Configure.PNG
Advanced: Configuring encryption settings
EncryptionSettings-Advanced.PNG
Configure the settings as follows:
Setting
Description
[General] tab
Encryption Method
Choose the encryption method to use from the drop-down list. If unsure, use the default method shown.
Recipient X.509 Certificate
Indicate how the
Recipient X.509 Certificate
 should be obtained:
  • Specify certificate
    : Select this option to manually configure a recipient X.509 certificate and then click [
    Set Recipient Certificate
    ] to set the recipient X.509 certificate.
    For information on completing this wizard, see Configure Recipient Certificate Wizard
  • Use certificate from context variable
    : Select this option to use an X.509 certificate stored in a context variable. Enter the name of the variable in the adjacent box.
[Advanced] tab  
Add EncryptedData Type Attribute
 
Select this check box to specify a Type attribute to be included in the
xenc:EncryptedData
 element. Enter a valid URI for the Type attribute. You may specify a context variable. The default is
http://www.w3.org/2001/04/xmlenc#Element
.
The assertion will fail if the value at runtime fails to resolve to a valid URI.
Add Recipient Attribute
 
Select this check box to enter a Recipient attribute that will be included in the
xenc:EncryptedKey
 element. You may specify a context variable.
If the value resolves to an empty value during runtime, this will result in an attribute with an empty value.
Encrypt Only Element Contents
Select this check box to encrypt only the contents of matching elements. The open and close tags, as well as any attributes, are left unencrypted.
Clear this check box to encrypt matching elements, tags, and attributes.
Use OAEP
Select this check box to instruct the assertion to use the RSA-OAEP algorithm to sign the SAML token. For more information, see http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p.
Clear this check box to use the RSA 1.5 algorithm, which was used in pre-v8.0
API Gateway
. This setting is the default for policies created in versions prior to version 8.0.

Content feedback and comments