AES256-CBC for encryption?

Cantor, Scott cantor.2 at
Mon May 13 12:18:15 EDT 2019

On 5/13/19, 12:10 PM, "users on behalf of Wessel, Keith" <users-bounces at on behalf of kwessel at> wrote:

> I'm assuming this part of the encrypted assertion block in the response is what we care about?


> Are there any relying party or security configuration settings I might have that you don't that would prevent the IdP
> from honoring the encryption method in metadata?

Not that I know of. I've only ever done examples that change defaults, not limit the set that it can pick from. I guess you'd have to turn up the logging when it selects the algorithm, but I don't know the category offhand; it would be in opensaml.

I don't think it can possibly be using that metadata; that's got to be the simplest answer. If you turn logging all the way up and open a support ticket with it, I can try to look at it, or if JIRA's not sufficiently accessible, maybe a pastebin to link to the log.

-- Scott

