rflt1 (rflt1) asked a question.
Is there a way to inflate assertion sent by Okta
one of the SP is not able to process the assertions if they are not inflated, is there a way to enable compression for one such app's assertions?
- jerrell.gary1.4491858992560479E12 (Presales - Americas Commercial, Emerging West)
Hello Kamlesh,
Within the Okta SAML wizard there are some ways to manipulate the assertion. Listed below are the options within the Okta AIW. Let me know if the information listed below helps.
1) Assertion Signature - Determines whether the SAML assertion is digitally signed or not. A digital signature is required to ensure that only your IDP generated the assertion.
2) Signature Algorithm - Determines the signing algorithm used to digitally sign the SAML assertion and response.
3) Digest Algorithm - Determines the digest algorithm used to digitally sign the SAML assertion and response.
4) Assertion Encryption - Determines whether the SAML assertion is encrypted or not. Encryption ensures that nobody but the sender and receiver can understand the assertion.
5) Encryption Algorithm - Determines the encryption algorithm used to encrypt the SAML assertion.
6) Key Transport Algorithm - Determines the key transport algorithm used to encrypt the SAML assertion.
7) Encryption Certificate - Determines the public key certificate used to digitally encrypt the SAML assertion.
Here is KB article about the AIW - https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard.htm
If you need additional information the Okta support number is 1-800-219-0964
Expand Post - mike.davie1.5312945692819849E12 (Customer First Programs)
Hello Kamlesh,
Thanks for posting your inquiry in Okta Community Portal.
If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."
Thank you,
Mike Davie
Okta Help Center
Expand Post - rflt1 (rflt1)
Well I am not talking about Assertion Encryption at all.
This is about supporting HTTP-Redirect binding for ACS endpoints, which would require the XML to be compressed (deflated), encoded to reduce the size of payload as it is sent as Querystring in URL.
This is part of SAML standard and free and basic IDP like Microsoft ADFS support this.
Expand Post - jerrell.gary1.4491858992560479E12 (Presales - Americas Commercial, Emerging West)
Hello Kamlesh Parmar,
Thank you for your reply. Okta offers many SSO implementation for integration with Service Providers. We will need to determine the endpoints which you are trying to leverage. We want to assist you to be successful in your Okta Org. To that end we want to make sure you have the best resources at your disposal for the task. If you could please open a support case by calling the Okta support number at 1-800-219-0964.
If you have the Metadata please provide the SP information to the case notes so we can further assist you.
Thank very much for choosing Okta.
Expand Post
This question is closed.
Hello Kamlesh Parmar,
Thank you for your reply. Okta offers many SSO implementation for integration with Service Providers. We will need to determine the endpoints which you are trying to leverage. We want to assist you to be successful in your Okta Org. To that end we want to make sure you have the best resources at your disposal for the task. If you could please open a support case by calling the Okta support number at 1-800-219-0964.
If you have the Metadata please provide the SP information to the case notes so we can further assist you.
Thank very much for choosing Okta.