Encrypting password in Web.config

The SAML developer guide asks to put an entry in web.config in app.settings and encrypt the app.settings section using Aspnet_regiis. However, I don’t want to encrypt the app.settings section. Is there any way I can create a custom section e.g. </ and encrypt that?

While encrypting, you have to mention a provider, e.g. ‘RsaProtectedConfigurationProvider’. Which provider should be mentioned?


Currently we only support retrieving the password from the encrypted appSettings.
The other option is to store the certificate in the Windows certificate store rather than on the file system.
That way you don’t require a password at all.

[quote]
ComponentSpace - 1/2/2017
Currently we only support retrieving the password from the encrypted appSettings.
The other option is to store the certificate in the Windows certificate store rather than on the file system.
That way you don't require a password at all.

[/quote]

I am assuming we can call the Windows certificate store in saml.config? If so, how do you set the ServiceProvider's LocalCertificateFile?
We do have concerns about storing the server certificate (pfx) and its password in saml.config. Although we can encrypt it, we were wondering if I can just pull the certificate directly from the Windows certificate store without putting in the password.

Thanks.
I think I found it... https://www.componentspace.com/Forums/44/X.509-Certificate-Management

Yes, that’s the correct link.
Storing the certificate in the Windows certificate store means you don’t have to store a password to access it.
Instead, access is protected through permissions that are set through the Microsoft Management Console’s Certificates snap-in.
You then reference the certificate in your SAML configuration via its serial number (LocalCertificateSerialNumber), thumbprint (LocalCertificateThumbprint) or subject name (LocalCertificateSubject).
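
The setup described in this answer, scripted in PowerShell as an added example (not part of the original thread and not ComponentSpace code). The PFX path and application pool identity are hypothetical, an RSA key is assumed, and editing the key file's ACL is used here as an assumed scripted equivalent of setting permissions in the Certificates snap-in.

```powershell
# Added example, not ComponentSpace code. Run from an elevated Windows PowerShell session.
$pfxPath  = 'C:\certs\sp.pfx'          # hypothetical path to the service provider PFX
$identity = 'IIS AppPool\MySamlApp'    # hypothetical application pool identity

# Ask for the PFX password interactively so it is never written to a config file.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# Import into the Local Computer "Personal" store. Without -Exportable the
# private key cannot be exported from the store again.
$cert = Import-PfxCertificate -FilePath $pfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword
if (-not $cert.HasPrivateKey) { throw 'The imported certificate has no private key.' }

# Find the file that holds the private key (CNG or legacy CSP storage).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw 'The certificate does not have an RSA private key.' }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName",
    "$env:ProgramData\Microsoft\Crypto\Keys\$keyName"
) | Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Private key file for '$keyName' was not found." }

# Grant the application identity read access to the key, nothing more.
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($identity, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Value to use for LocalCertificateThumbprint in the SAML configuration.
$cert.Thumbprint
```

Once the thumbprint is referenced in the SAML configuration, the PFX file and its password no longer need to be kept on the web server.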