How to override DefaultRelayingParty values for an SP in relaying-party.xml

mrahman mrahman at
Wed Nov 19 14:37:59 EST 2014

I have my DefaultRelayingParty SAML2SSOProfile encryptAssertions=conditional.
I have a SP who can not handle encryptedAssertions.

So I created a Relaying Party Definition after </DefualtRelayingParty> in
relaying-party.xml file:

<rp:RelyingParty id=&quot;RPID&quot;
               provider=&quot;&lt;SP ENTITY ID>"
				<rp:ProfileConfiguration xsi:type="saml:SAML2SSOProfile"
				encryptAssertions="never" encryptNameIds="never" />

I am trying to understand the mechanism - how will the SP know not to use
the values in DefaultRelayingParty, rather to use this override? Because
when I go through the log after adding this block, I see my IDP is still
trying to encrypt the assertions for the SP.

What am I missing?

Thanks for your help guys! 

View this message in context:
Sent from the Shibboleth - Users mailing list archive at

More information about the users mailing list