We're doing tenant setup again with Purdue. They said they've migrated our settings over from the old IDP, but I received an error message during a quick test run.
While I'm not certain that encrypted assertions were the culprit this time, it's definitely going to be the cause of some back-and-forth with the tenant. Including an encryption certificate tells the IDP that we want encrypted assertions. We tell them that we don't want encrypted assertions. They get confused because our metadata and our emails say opposite things.
Summary
See #460
We're doing tenant setup again with Purdue. They said they've migrated our settings over from the old IDP, but I received an error message during a quick test run.
While I'm not certain that encrypted assertions were the culprit this time, it's definitely going to be the cause of some back-and-forth with the tenant. Including an
encryption
certificate tells the IDP that we want encrypted assertions. We tell them that we don't want encrypted assertions. They get confused because our metadata and our emails say opposite things.