AES256-CBC for encryption?

Wessel, Keith kwessel at
Mon May 13 12:10:22 EDT 2019

Sadly, no, no duplicate metadata for these guys. That would have been an easy fix.

I'm assuming this part of the encrypted assertion block in the response is what we care about?

<xenc:EncryptionMethod Algorithm=""
                             xmlns:xenc="" />

Are there any relying party or security configuration settings I might have that you don't that would prevent the IdP from honoring the encryption method in metadata?


-----Original Message-----
From: users <users-bounces at> On Behalf Of Cantor, Scott
Sent: Monday, May 13, 2019 10:44 AM
To: Shib Users <users at>
Subject: Re: AES256-CBC for encryption?

I tested using exactly your example, it worked fine. Maybe you hadn't reloaded the metadata or there's a duplicate somewhere.

-- Scott
