Enable encrypted SAML responses between ETP and AD FS

To enable communication with encrypted SAML responses, configure both ETP and AD FS. This is an optional configuration.
  1. Configure ETP to send encrypted SAML responses.
  2. Configure AD FS for sending encrypted SAML responses.

Configure ETP to send encrypted SAML responses

Complete this procedure to configure ETP to send encrypted SAML responses.

How to

  1. Return to ETP and open the IdP you created for AD FS.
    1. In the ETP navigation menu, select Identity > Identity Providers.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Identity & Users > Identity Providers.
    2. Click the name of the IdP you created for AD FS.
  2. Under Authentication Configuration settings, select Encrypted SAML Response.
  3. Click Save.

Next steps

  1. Deploy the IdP configuration.
    • If you are trying the new Enterprise Center interface, in the identity provider configuration, you can click the icon next to the Ready for Deployment status. A deployment icon also appears next to a failed deployment status in case you need to deploy the identity provider again. This action starts the deployment process.
    • Deploy identity provider configuration changes in the list of Pending Changes. For more information, see Deploy configuration changes.
  2. Configure AD FS for sending encrypted SAML responses

Configure AD FS for sending encrypted SAML responses

Complete this procedure to configure AD FS for sending encrypted SAML responses.

How to

  1. Return to the relying party trust. For example, IDP-RPT.
  2. In AD FS manager, edit properties of relying party trust.
  3. Under the Encryption tab, click Browse.
  4. Navigate to the certificate file cert.cer file.
  5. Click OK.