Closed mbraeger closed 6 years ago
Hi,
the option dumps the SAML Response data precisely as we receive it from the IdP. It is not processed in any way before it is saved. I don't see this behavior changing -- there is no way to get a response with a decrypted assertion, since the assertion is not inserted into the response when it is decrypted. Also, doing that would break any signatures that may be on the Response element.
We have to reuse SAML2 assertions from SSO token within our server backend to authorize against a custom authorization service. To do that we have to provide the decrypted XML Assertion, but currently we only manage to receive EncryptedAssertion via mod_auth_mellon from our SSO instance. I fiddled with the Provider Metadata, but without success. I thought that this option should fix it:
Unfortunately, after restarting httpd the Assertion is still encrypted.
Here is an example:
In case we don't manage to get the decrypted Assertion with the SAML response, we have to decrypt it ourselves in the server backend, which we would like to avoid.
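The reply's point that inserting the decrypted assertion would break a signature on the Response element, shown as an added example (not code from this thread or from mod_auth_mellon). The sample XML is constructed, the function names are hypothetical, and Python's C14N 2.0 canonicalizer stands in for the exclusive C14N a real IdP signature would normally use.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: signature, ciphertext and assertion content are placeholders.
RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">PLACEHOLDER</ds:Signature>
  <saml:EncryptedAssertion>PLACEHOLDER-CIPHERTEXT</saml:EncryptedAssertion>
</samlp:Response>"""
DECRYPTED = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
  <saml:Subject><saml:NameID>user@example.org</saml:NameID></saml:Subject>
</saml:Assertion>"""


def reference_digest(response: ET.Element) -> str:
    """Digest of the Response as an enveloped signature would cover it."""
    clone = ET.fromstring(ET.tostring(response))
    for sig in clone.findall("ds:Signature", NS):  # enveloped-signature transform
        clone.remove(sig)
    # Assumption: C14N 2.0 stands in for exclusive C14N here.
    c14n = ET.canonicalize(ET.tostring(clone, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()


def inline_decrypted(response: ET.Element, assertion_xml: str) -> ET.Element:
    """Return a copy with EncryptedAssertion replaced by the plaintext Assertion."""
    clone = ET.fromstring(ET.tostring(response))
    enc = clone.find("saml:EncryptedAssertion", NS)
    idx = list(clone).index(enc)
    clone.remove(enc)
    clone.insert(idx, ET.fromstring(assertion_xml))
    return clone


def digest_survives_inlining() -> bool:
    """True only if the rewritten Response still matches the signed digest."""
    original = ET.fromstring(RESPONSE)
    signed_digest = reference_digest(original)  # value the IdP would sign
    rewritten = inline_decrypted(original, DECRYPTED)
    return reference_digest(rewritten) == signed_digest


if __name__ == "__main__":
    print("signature digest still valid:", digest_survives_inlining())
```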