Support for encrypted assertions

[dblessing]

Does omniauth-saml support encrypted assertions? ruby-saml does so maybe it's possible here and I'm just not seeing it. If anyone has insight, please share.

[md5]

I haven't tried it, but the settings for omniauth-saml pass through to ruby-saml, so you should be able to set the private_key setting to make it work. The readme also mentions setting certificate, but I don't think that's needed for decrypting assertions (though it may be helpful if your IdP is trying to determine the target public key from the metadata URL).

I believe this has been possible since #82 was merged. There is some further discussion in #50, #52, and #58.

[jiongye]

@dblessing I am able to use encrypted assertions, all you need is to set the 'private_key' and 'certificate' in the setting when you pass it to the saml provider.

[pitbulk]

@md5 certificate is required not for decrypt, but in order to offer this certificate on the SP metadata, so the IdP's admin can retrieve and use to encrypt the Assertion/NameID of the SAMLResponse.

[md5]

@pitbulk I did mention that use case in my comment, but it's good to hear it directly from a ruby-saml developer like yourself.