I am implementing an SP-initiated web browser SAML SSO profile in JBoss.
My application is the SP.
After login, I expect the IDP to send me an encrypted assertion in the following format:

    <samlp:Response...>
      <ds:Signature>...
        <ds:KeyInfo>....</ds:KeyInfo>
      </ds:Signature>
      <samlp:Status>...</samlp:Status>
      <saml:EncryptedAssertion>...</saml:EncryptedAssertion>
    </samlp:Response>

It works fine for some of the IDPs, but now I have an IDP which sends me:

    <saml2p:Response...>
      <saml2p:Status>...</saml2p:Status>
      <saml2:EncryptedAssertion>...
        <ds:KeyInfo>...</ds:KeyInfo>
      </saml2:EncryptedAssertion>
    </saml2p:Response>

And the authentication fails since the signature is missing.
My question is: Is there a standard format for a SAML 2.0 encrypted assertion which I can tell the IDP admin to use? Or must I support both ways?
Thanks
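
A structural check for the two layouts quoted in the question, as an added example that is not part of the original post and not JBoss code. It matches elements by namespace URI, so the `samlp:`/`saml2p:` prefixes make no difference, and reports whether a `ds:Signature` is a direct child of the Response. The function name `describe_response` is hypothetical and both sample documents are constructed from the abbreviated layouts above; nothing here verifies a signature or decrypts anything.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from SAML 2.0 and XML Signature. Prefixes are arbitrary;
# only these URIs identify the elements.
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"


def describe_response(xml_text):
    """Report where signature material sits in a SAML Response (structure only)."""
    # For untrusted input, parse with a hardened XML parser instead.
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a SAML 2.0 protocol Response")
    encrypted = root.findall(f"{{{SAML}}}EncryptedAssertion")
    plain = root.findall(f"{{{SAML}}}Assertion")
    return {
        # Only a ds:Signature that is a direct child signs the Response itself.
        "response_signed": root.find(f"{{{DS}}}Signature") is not None,
        "encrypted_assertions": len(encrypted),
        # Any signature an encrypted assertion carries is inside the ciphertext
        # and cannot be seen before decryption, so only plain ones are listed.
        "plain_assertions_signed": [
            a.find(f"{{{DS}}}Signature") is not None for a in plain
        ],
        # ds:KeyInfo under EncryptedAssertion is key material, not a signature.
        "keyinfo_in_encrypted": any(
            e.find(f".//{{{DS}}}KeyInfo") is not None for e in encrypted
        ),
    }


# Constructed sample: first layout in the question (signature on the Response).
FORMAT_A = (
    f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" xmlns:ds="{DS}">'
    "<ds:Signature><ds:KeyInfo/></ds:Signature><samlp:Status/>"
    "<saml:EncryptedAssertion/></samlp:Response>"
)
# Constructed sample: second layout (no Response-level signature).
FORMAT_B = (
    f'<saml2p:Response xmlns:saml2p="{SAMLP}" xmlns:saml2="{SAML}" xmlns:ds="{DS}">'
    "<saml2p:Status/><saml2:EncryptedAssertion><ds:KeyInfo/>"
    "</saml2:EncryptedAssertion></saml2p:Response>"
)

if __name__ == "__main__":
    for name, doc in (("A", FORMAT_A), ("B", FORMAT_B)):
        print(name, describe_response(doc))
```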