Hi,
We're setting up a SAML SSO implementation with OneLogin as our IdP, and need clarification regarding encrypted assertion support:
1. We notice that the OneLogin configuration allows setting TRIPLEDES-CBC as the SAML encryption method, as stated in the KB "How to integrate Confluence DC with OneLogin for SAML SSO 2.0".
2. However, analyzing the implementation, we don't see any configuration points in Confluence for:
- Service Provider Private Key configuration
- HSM integration for decryption
- Any other mechanism to handle encrypted assertions
Questions:
- Does Confluence Data Center actually support encrypted SAML assertions?
- If yes, where/how is the decryption key material configured?
- If no, should we disable encryption settings in OneLogin to prevent authentication failures?
Any suggestions would be greatly appreciated!
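
To see what the IdP is actually sending before changing either side, the base64 `SAMLResponse` form field captured from a login attempt can be inspected offline. This is an added example, not part of the original post and not Atlassian or OneLogin code; the function name and the sample response (including its key-transport algorithm) are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
}

def inspect_saml_response(b64_response):
    """Summarise how the assertions in a base64 SAMLResponse are protected."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse one instead of expanding entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD or entity declaration in SAML message")
    root = ET.fromstring(xml_bytes)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    data_algs, key_algs = [], []
    for enc in encrypted:
        # Direct child of EncryptedData: the cipher applied to the assertion.
        for method in enc.findall("xenc:EncryptedData/xenc:EncryptionMethod", NS):
            data_algs.append(method.get("Algorithm"))
        # EncryptedKey may sit inside ds:KeyInfo or beside EncryptedData.
        for key in enc.iter("{%s}EncryptedKey" % NS["xenc"]):
            method = key.find("xenc:EncryptionMethod", NS)
            if method is not None:
                key_algs.append(method.get("Algorithm"))
    return {
        "plaintext_assertions": len(root.findall("saml:Assertion", NS)),
        "encrypted_assertions": len(encrypted),
        "data_encryption": data_algs,
        "key_transport": key_algs,
        # Encrypted assertions can only be read with the SP's private key.
        "sp_private_key_required": bool(encrypted),
    }

# Constructed sample response (not captured from a real IdP).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
    'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<saml:EncryptedAssertion><xenc:EncryptedData>'
    '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>'
    '<ds:KeyInfo><xenc:EncryptedKey>'
    '<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>'
    '</xenc:EncryptedKey></ds:KeyInfo>'
    '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
    '</xenc:EncryptedData></saml:EncryptedAssertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```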