AES256-CBC for encryption?
Cantor, Scott
cantor.2 at osu.edu
Mon May 13 12:18:15 EDT 2019
On 5/13/19, 12:10 PM, "users on behalf of Wessel, Keith" <users-bounces at shibboleth.net on behalf of kwessel at illinois.edu> wrote:
> I'm assuming this part of the encrypted assertion block in the response is what we care about?
Yes.
> Are there any relying party or security configuration settings I might have that you don't that would prevent the IdP
> from honoring the encryption method in metadata?
Not that I know of. I've only ever done examples that change defaults, not limit the set that it can pick from. I guess you'd have to turn up the logging when it selects the algorithm but I don't know the category offhand, it would be in opensaml.
I don't think it can possibly be using that metadata, that's got to be the simplest answer. If you turn logging all the way up and open a support ticket with it I can try to look at it, or if JIRA's not sufficiently accessible maybe a pastebin to link to the log.
-- Scott
More information about the users
mailing list