aerialship / SamlSPBundle

SAML 2.0 Symfony SP Bundle - new version available at
http://www.lightsaml.com/SP-Bundle/
MIT License

Question: is encryption supported for the metadata? #64

Closed TheBabaYaga closed 9 years ago

TheBabaYaga commented 9 years ago

Is it currently supported to also use encryption in the metadata?

Currently you can set certificates and keys and it generates something like:

<KeyDescriptor use="signing">
</KeyDescriptor>

But in our case we also need one for encryption as well, so we get something like:

<KeyDescriptor use="signing">
</KeyDescriptor>
<KeyDescriptor use="encryption">
</KeyDescriptor>
jeroenjoosen commented 9 years ago

This would be awesome!

tmilos commented 9 years ago

This bundle uses aerialship/lightsaml, and it does not implement encryption of the SAML messages in its current version, though it's able to build metadata with both usage keys. So, making metadata as you stated is possible, but decryption of the received assertion response is not. Its v2 is under progress in tmilos/lightsaml and it will implement encryption and decryption.

TheBabaYaga commented 9 years ago

Ok, but I already see code in the aerialship/lightsaml library like "USE_ENCRYPTION". Is there a way we can implement this ourselves?

Also, is there a timeline somewhere for the V2, or do you have an estimate of the release date?

Thanks in advance.

tmilos commented 9 years ago

That's the constant name holding one of the valid values for the property use of KeyDescriptor as defined by SAML Core, but there's no logic implemented yet in v1 that does the encryption. Guess the way to do it yourself in v1 is to override AerialShip\SamlSPBundle\Bridge\AssertionConsumer::getSingleAssertion().

Sorry, I'm unable to provide timeline for v2. I'm tight with time available for it, but I hope it might be released some time during the summer.
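Added example, not code from aerialship/SamlSPBundle or aerialship/lightsaml: it shows what SP metadata with both a use="signing" and a use="encryption" KeyDescriptor looks like once the ds:KeyInfo each one must carry is filled in, and a small guard an SP on lightsaml v1 could run before getSingleAssertion() to reject a Response that carries a saml:EncryptedAssertion rather than a plain saml:Assertion, since v1 cannot decrypt it. The certificate strings, entity ID, ACS URL and the two sample Responses are constructed placeholders; the function names are this example's own.

```python
"""Added example, not code from aerialship/SamlSPBundle or aerialship/lightsaml.

Shows (1) SP metadata with both a signing and an encryption KeyDescriptor
(each carrying ds:KeyInfo/ds:X509Data/ds:X509Certificate), and (2) a guard
that tells a plain saml:Assertion apart from a saml:EncryptedAssertion,
which is the case lightsaml v1 cannot process. Standard library only.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed placeholders: a real deployment puts the base64 DER of its
# certificates here (the two may be the same certificate or different ones).
SIGNING_CERT = "MIIC...signing-cert-placeholder..."
ENCRYPTION_CERT = "MIIC...encryption-cert-placeholder..."


def key_descriptor(use, cert_b64):
    """One md:KeyDescriptor; 'use' is 'signing' or 'encryption' per SAML Metadata."""
    if use not in ("signing", "encryption"):
        raise ValueError("KeyDescriptor use must be 'signing' or 'encryption'")
    kd = ET.Element(f"{{{NS['md']}}}KeyDescriptor", {"use": use})
    key_info = ET.SubElement(kd, f"{{{NS['ds']}}}KeyInfo")
    x509_data = ET.SubElement(key_info, f"{{{NS['ds']}}}X509Data")
    ET.SubElement(x509_data, f"{{{NS['ds']}}}X509Certificate").text = cert_b64
    return kd


def build_sp_metadata(entity_id, acs_url, signing_cert, encryption_cert):
    """SP EntityDescriptor advertising both a signing key and an encryption key."""
    ed = ET.Element(f"{{{NS['md']}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(ed, f"{{{NS['md']}}}SPSSODescriptor", {
        "AuthnRequestsSigned": "true",
        "WantAssertionsSigned": "true",
        "protocolSupportEnumeration": NS["samlp"],
    })
    sp.append(key_descriptor("signing", signing_cert))
    sp.append(key_descriptor("encryption", encryption_cert))
    ET.SubElement(sp, f"{{{NS['md']}}}AssertionConsumerService", {
        "Binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "Location": acs_url,
        "index": "0",
    })
    return ET.tostring(ed, encoding="unicode")


def key_uses(metadata_xml):
    """The 'use' attribute of every KeyDescriptor in the metadata, in document order."""
    root = ET.fromstring(metadata_xml)
    return [kd.get("use") for kd in root.iterfind(".//md:KeyDescriptor", NS)]


def assertion_kind(response_xml):
    """'plain' for saml:Assertion, 'encrypted' for saml:EncryptedAssertion, 'none' otherwise.

    An SP running lightsaml v1 should treat 'encrypted' as an error rather than
    accepting a Response whose assertion it never actually read.
    """
    root = ET.fromstring(response_xml)
    if root.tag != f"{{{NS['samlp']}}}Response":
        raise ValueError(f"not a samlp:Response: {root.tag}")
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return "encrypted"
    if root.find("saml:Assertion", NS) is not None:
        return "plain"
    return "none"


# Constructed sample Responses (not captured from a real IdP); signatures omitted.
PLAIN_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"'
    ' IssueInstant="2015-06-01T12:00:00Z">'
    '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2015-06-01T12:00:00Z">'
    '<saml:Issuer>https://idp.example.org</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)
ENCRYPTED_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0"'
    ' IssueInstant="2015-06-01T12:00:00Z">'
    '<saml:EncryptedAssertion>'
    '<xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"'
    ' Type="http://www.w3.org/2001/04/xmlenc#Element"/>'
    '</saml:EncryptedAssertion></samlp:Response>'
)

if __name__ == "__main__":
    md = build_sp_metadata("https://sp.example.com/saml/metadata",
                           "https://sp.example.com/saml/acs",
                           SIGNING_CERT, ENCRYPTION_CERT)
    print(md)
    print(key_uses(md))                        # ['signing', 'encryption']
    print(assertion_kind(PLAIN_RESPONSE))      # plain
    print(assertion_kind(ENCRYPTED_RESPONSE))  # encrypted
```

Advertising an encryption key in metadata is what makes an IdP start sending EncryptedAssertion elements, so an SP that publishes the second KeyDescriptor but still runs v1 should fail closed on the "encrypted" case instead of treating the Response as if it had no assertion.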