Peter Schober peter.schober at univie.ac.at
Wed Nov 12 12:02:49 EST 2014

* Liam Hoekenga <liamr at umich.edu> [2014-11-12 18:01]:
> What I can't figure out is why it's decided it should encrypt the
> assertion?

When the transmission is not secure (as it won't be in the browser,
where TLS from the IDP webserver has already been terminated and
before another TLS to the SP will be opened) the IDP will try to
encrypt the assertion. And fail if the SP doesn't have a key.

More information about the users mailing list