undefined | Better HN

0 pointslvh6y ago0 comments

SAML typically uses RSA-OAEP or RSA-PKCSv15 for KEM. You usually get the cert from that from the SP (since otherwise you hold the private key), so I'm not sure how that goes sideways. The SP might still use the same encryption keys for each peer, but that should be fine.

You're right that per-SP pairs are still the right answer and for the reason you point out: much wider support.

0 comments

1 comments · 1 top-level

radlad6y ago

Duh - of course. Good point. As long as each SP has its own encryption key, this would be a valid solution assuming SP support.

j / k navigate · click thread line to collapse