This PR is based on my hypothesis that most IDPs automatically enable encryptedAssertions when our certificates contain an encryptionKeyDescriptor.
Way back when I set up Coastal Carolina's site, they were stuck with encryptedAssertions turned on until they asked me to remove the encryption key from the metadata file. This had no adverse affects. If removing that key fixes the issue in all cases, it would make tenant setup a lot smoother, as the majority of tenants end up needing to manually turn it off and it seems like some IDPs don't make it easy.
This PR is based on my hypothesis that most IDPs automatically enable
encryptedAssertionswhen our certificates contain anencryptionKeyDescriptor.Way back when I set up Coastal Carolina's site, they were stuck with
encryptedAssertionsturned on until they asked me to remove theencryptionkey from the metadata file. This had no adverse affects. If removing that key fixes the issue in all cases, it would make tenant setup a lot smoother, as the majority of tenants end up needing to manually turn it off and it seems like some IDPs don't make it easy.