IDP rely configuration - Adobe suggests a modification of default behaviour - any hints?

Peter Schober peter.schober at
Fri Oct 4 08:09:31 EDT 2019

* Peter Schober <peter.schober at> [2019-10-04 13:58]:
> Does anyone know whether the Okta SP (as used for Adobe Inc.) supports
> encryption?

At least some random documentation I found seems to suggest as much:
"Configure Inbound SAML" -> "Overview" -> "Capabilities":
"Support for encrypted assertions".


> *Encryption*
> Inbound SAML transparently supports encrypted SAML assertions. The
> IdP can encrypt using the public certificate from Okta and any of
> the following XML encryption algorithms.

So it seems removing the use="signing" restriction on the
KeyDescriptor should work and all documentation suggesting to disable
encryption is wrong? Or is the documentation above wrong?

