[Question] saml20 saml.create API parameters #11

Open
petermikitsh opened this issue Aug 8, 2016 · 1 comment
@petermikitsh

Hey Auth0,

I was using the SAML 2.0 saml.create(options, callback) API and I had some questions about options parameters. For some context, I'm looking to create encrypted, signed SAML2 assertions, and I looked at the unit tests for examples, but I still have questions.

Are the following descriptions correct for each options parameter?

  • options.cert: identity provider's x.509 certificate
  • options.key: identity provider's private key
  • options.encryptionPublicKey: service provider's public key
  • options.encryptionCert: service provider's x.509 certificate

To my understanding of SAML (which may be incorrect), assertions are encrypted using the service provider's public key / certificate (which are the two encryption variables), and then later the service provider will decrypt using their private key. I'm not sure of the purpose for the other two parameters, cert and key.

Clarification on these parameters is appreciated. Thank you in advance!

@meirshal

I'm also trying to understand that issue.
I assume that options.cert and options.key are the certificate and private key of the IdP that are used for signing the request, and that options.encryptionPublicKey is used for encryption, but I don't understand what options.encryptionCert is used for.
Can someone please explain? Thanks!
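
The key roles discussed in this thread, as an added example that is not part of the original posts and is not node-saml's code: the IdP signs with its own private key, then encrypts for the SP with the SP's public key, and the SP reverses both steps. It uses Node's built-in crypto instead of XML Signature and XML Encryption; the function names, the message layout and the sample assertion are assumptions, and the mapping onto `options.key` and `options.encryptionPublicKey` follows the posters' reading, which this page does not confirm.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed key pairs standing in for the two parties (generated on each run).
const idp = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sp = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// IdP side: sign with the IdP private key, then encrypt for the SP.
function idpIssue(assertionXml, idpPrivateKey, spPublicKey) {
  const signature = nodeCrypto.sign('sha256', Buffer.from(assertionXml), idpPrivateKey);
  const payload = Buffer.from(JSON.stringify({
    assertionXml,
    signature: signature.toString('base64'),
  }));
  // Hybrid encryption: a random AES key protects the payload,
  // and only that AES key is encrypted under the SP public key.
  const contentKey = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(payload), cipher.final()]);
  return {
    wrappedKey: nodeCrypto.publicEncrypt({ key: spPublicKey, ...OAEP }, contentKey),
    iv,
    ciphertext,
    tag: cipher.getAuthTag(),
  };
}

// SP side: decrypt with the SP private key, then verify with the IdP public key.
function spConsume(msg, spPrivateKey, idpPublicKey) {
  const contentKey = nodeCrypto.privateDecrypt({ key: spPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', contentKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const plain = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  const { assertionXml, signature } = JSON.parse(plain.toString());
  const valid = nodeCrypto.verify(
    'sha256', Buffer.from(assertionXml), idpPublicKey, Buffer.from(signature, 'base64'));
  if (!valid) throw new Error('assertion signature does not match the IdP key');
  return assertionXml;
}

// Constructed sample assertion, round-tripped from IdP to SP.
const sampleAssertion = '<Assertion ID="_constructed"><Subject>alice</Subject></Assertion>';
const wireMessage = idpIssue(sampleAssertion, idp.privateKey, sp.publicKey);
console.log(spConsume(wireMessage, sp.privateKey, idp.publicKey) === sampleAssertion);
```
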
