Encryption method is missing from metadata


Guilhem Achikbache

Dec 22, 2016, 6:33:51 AM
to SimpleSAMLphp
Hi, I'm configuring an SP with SimpleSAMLphp v1.14.11. I gave the metadata URL to the person managing the IdP, but he is complaining that the following code is missing from the XML:

<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc">
    <xenc:KeySize>128</xenc:KeySize>
</EncryptionMethod>

I added 
 'nameid.encryption' => true,
 'assertion.encryption' => true,

to the remote IdP metadata file (metadata/saml20-idp-remote.php), but no luck.
Can anyone help me with this?

Thanks

Jaime Perez Crespo

Dec 22, 2016, 6:44:46 AM
to simple...@googlegroups.com
Hi Guilhem,
I’m afraid that’s not possible currently.

However, that’s not mandatory in the SAML metadata and the IdP should not require it to use your metadata.

In any case, what the IdP is requiring you to support is symmetric key encryption with a shared key (you can configure that by specifying the “sharedkey” config option in the remote IdP metadata), and that’s something I wouldn’t recommend. Usually, public key cryptography is used instead with self-signed certificates included in the metadata.

--
Jaime Pérez
UNINETT / Feide

jaime...@uninett.no
jaime...@protonmail.com
9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2

"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost

Guilhem Achikbache

Dec 23, 2016, 4:43:48 AM
to SimpleSAMLphp
Thank you for your answer. Surprisingly, he asked me to add it manually to the XML...
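The thread ends with the IdP administrator asking for the element to be added by hand, after Jaime's point that the metadata should advertise a certificate for public-key encryption rather than rely on a shared key. The script below is an added example for this thread, not SimpleSAMLphp code or anything posted by either participant. It checks that the SP metadata carries an X509Certificate in a KeyDescriptor usable for encryption (the public-key setup Jaime describes), then inserts the requested md:EncryptionMethod with its xenc:KeySize child into each such KeyDescriptor, after ds:KeyInfo, which is where the SAML metadata schema places it. The metadata string is constructed; its entityID, endpoint and certificate bodies are placeholders.

```python
"""Check and patch SAML SP metadata for an md:EncryptionMethod element.

Added example for this thread; it is not SimpleSAMLphp code. The metadata
string below is constructed: the entityID, endpoints and certificate bodies
are placeholders standing in for what an SP's metadata URL would return.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}
# Keep the conventional prefixes on output instead of ElementTree's ns0/ns1.
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

AES128_CBC = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"

# Constructed sample (placeholder values): one signing and one encryption
# KeyDescriptor, each carrying a certificate, neither carrying EncryptionMethod.
SAMPLE_SP_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.org/simplesaml/module.php/saml/sp/metadata.php/default-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:KeyDescriptor use="encryption">
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER-BASE64-CERT</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.org/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
        index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

# Constructed variant with no encryption-capable KeyDescriptor at all.
SIGNING_ONLY_METADATA = SAMPLE_SP_METADATA.replace('use="encryption"', 'use="signing"')


def _key_descriptors(root):
    return root.findall(".//md:KeyDescriptor", NS)


def _is_encryption_capable(kd):
    # In SAML metadata a KeyDescriptor with no "use" attribute is valid for
    # both signing and encryption, so treat it as encryption-capable too.
    return kd.get("use") in (None, "encryption")


def advertises_encryption_certificate(xml_text):
    """True if some encryption-capable KeyDescriptor publishes an X509Certificate."""
    root = ET.fromstring(xml_text)
    return any(
        _is_encryption_capable(kd)
        and kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) is not None
        for kd in _key_descriptors(root)
    )


def encryption_methods_by_use(xml_text):
    """Map each KeyDescriptor's use ("both" when absent) to its EncryptionMethod algorithms."""
    root = ET.fromstring(xml_text)
    out = {}
    for kd in _key_descriptors(root):
        algs = [em.get("Algorithm") for em in kd.findall("md:EncryptionMethod", NS)]
        out.setdefault(kd.get("use", "both"), []).extend(algs)
    return out


def add_encryption_method(xml_text, algorithm=AES128_CBC, key_size=128):
    """Add md:EncryptionMethod/xenc:KeySize to every encryption-capable KeyDescriptor.

    Returns (patched_xml, number_of_descriptors_changed). Idempotent: a descriptor
    that already lists the algorithm is left alone. Signing-only descriptors are
    never touched, since the element describes data encryption for that key.
    """
    root = ET.fromstring(xml_text)
    added = 0
    for kd in _key_descriptors(root):
        if not _is_encryption_capable(kd):
            continue
        if kd.find("ds:KeyInfo", NS) is None:
            raise ValueError("KeyDescriptor without ds:KeyInfo is not schema-valid")
        if any(em.get("Algorithm") == algorithm for em in kd.findall("md:EncryptionMethod", NS)):
            continue
        # Schema order inside KeyDescriptor is ds:KeyInfo, then md:EncryptionMethod*,
        # so appending at the end places the new element correctly.
        em = ET.SubElement(kd, f"{{{NS['md']}}}EncryptionMethod", Algorithm=algorithm)
        ks = ET.SubElement(em, f"{{{NS['xenc']}}}KeySize")
        ks.text = str(key_size)
        added += 1
    return ET.tostring(root, encoding="unicode"), added


if __name__ == "__main__":
    print("public-key encryption advertised:",
          advertises_encryption_certificate(SAMPLE_SP_METADATA))
    patched, n = add_encryption_method(SAMPLE_SP_METADATA)
    print(f"{n} KeyDescriptor(s) patched")
    print(patched)
```

Two practical cautions when handing the IdP a hand-edited file: it no longer matches what the SP's metadata URL serves, so the IdP side must load the file rather than the URL (and redo the edit after any SP key rollover), and if the IdP validates a metadata signature the edited document has to be re-signed, because the insertion invalidates any existing signature.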