IDP rely configuration - Adobe suggests a modification of default behaviour - any hints?

[Cantor, Scott]

> Does anyone know whether the Okta SP (as used for Adobe Inc.) supports
> encryption?

It does not, as I recall.

> While the generated metadata I've seen does contain a certificate that comes
> with the use="signing" restriction (which when paired with
> SPSSODescriptor/@AuthnRequestsSigned="false" and no SLO support makes
> no sense as there's nothing left for the SP to sign).

Most of the time the flag being on isn't correlated with them actually signing. Most vendor metadata is barely correct, and often actively wrong.

-- Scott