This PR is based on my hypothesis that most IDPs automatically enable encryptedAssertions when our certificates contain an encryption KeyDescriptor.
Way back when I set up Coastal Carolina's site, they were stuck with encryptedAssertions turned on until they asked me to remove the encryption key from the metadata file. This had no adverse effects. If removing that key fixes the issue in all cases, it would make tenant setup a lot smoother, as the majority of tenants end up needing to manually turn it off and it seems like some IDPs don't make it easy.
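The metadata change described above, sketched as an added example (not code from this PR or the project). The sample metadata, entityID, key names and function names are constructed for illustration. It also handles a case the description does not mention: in SAML metadata a KeyDescriptor with no `use` attribute applies to both signing and encryption, so it is narrowed to signing rather than removed.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("md", MD)
ET.register_namespace("ds", DS)

# Constructed sample SP metadata (entityID, URLs and key names are placeholders).
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="https://sp.example.org/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:KeyName>sig-key</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:KeyName>enc-key</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor><ds:KeyInfo><ds:KeyName>dual-key</ds:KeyName></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0" Location="https://sp.example.org/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def advertised_uses(xml_text):
    """Return (KeyName, effective use) for every KeyDescriptor, in document order."""
    root = ET.fromstring(xml_text)
    return [
        # A missing 'use' attribute means the key is offered for both purposes.
        (kd.findtext(f".//{{{DS}}}KeyName"), kd.get("use", "signing+encryption"))
        for kd in root.iter(f"{{{MD}}}KeyDescriptor")
    ]


def strip_encryption_keys(xml_text):
    """Return metadata that no longer advertises any encryption key to the IdP."""
    root = ET.fromstring(xml_text)
    for role in root.iter(f"{{{MD}}}SPSSODescriptor"):
        # findall() returns a list, so removing children while looping is safe.
        for kd in role.findall(f"{{{MD}}}KeyDescriptor"):
            if kd.get("use") == "encryption":
                role.remove(kd)
            elif kd.get("use") is None:
                # Dual-purpose key: keep it so signing still works, restrict its use.
                kd.set("use", "signing")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", advertised_uses(SAMPLE))
    print("after: ", advertised_uses(strip_encryption_keys(SAMPLE)))
```

If the metadata document itself is signed, it has to be re-signed after this edit, since any change invalidates the signature.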