Hello,
I'm trying to integrate with the InCommon federation, using Keycloak as an Identity
Broker.
The workflow is JEE app <--> Keycloak Broker <--> InCommon IdP.
The problem is that InCommon requires SAML assertion encryption. As far as I can see, in
the Keycloak IdP setup, I can only set signing for the document.
Looking at this SPSSODescriptor from Keycloak:
<EntityDescriptor entityID="ENTITY_ID_FOR_IDP">
  <SPSSODescriptor
      AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol
        urn:oasis:names:tc:SAML:1.1:protocol
        http://schemas.xmlsoap.org/ws/2003/07/secext">
    <KeyDescriptor use="signing">
      <dsig:KeyInfo>
        <dsig:KeyName>ASDFASDFASDF</dsig:KeyName>
        <dsig:X509Data>
          <dsig:X509Certificate>qwerqwerqwer</dsig:X509Certificate>
        </dsig:X509Data>
      </dsig:KeyInfo>
    </KeyDescriptor>
    ........
  </SPSSODescriptor>
</EntityDescriptor>
The KeyDescriptor is not for 'signing' and not for 'encrypting'. How do I
set that flag?
Thanks,
Jason
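
An added example, not part of the original post and not Keycloak code: a check over SP metadata like the descriptor quoted above that reports which entities advertise no key an IdP could encrypt assertions to. In SAML 2.0 metadata the `use` attribute of a KeyDescriptor is `signing` or `encryption`, and a KeyDescriptor with no `use` serves both; the sample documents, placeholder values and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted metadata, parse with defusedxml instead

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: entity ID, key name and certificate are placeholders.
SIGNING_ONLY = f"""<EntityDescriptor xmlns="{MD}" xmlns:dsig="{DSIG}"
    entityID="ENTITY_ID_PLACEHOLDER">
  <SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <dsig:KeyInfo>
        <dsig:KeyName>KEY_NAME_PLACEHOLDER</dsig:KeyName>
        <dsig:X509Data>
          <dsig:X509Certificate>CERT_PLACEHOLDER</dsig:X509Certificate>
        </dsig:X509Data>
      </dsig:KeyInfo>
    </KeyDescriptor>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed variants (KeyInfo omitted for brevity): an added encryption key,
# and the original key with its "use" attribute removed.
WITH_ENCRYPTION = SIGNING_ONLY.replace(
    "</SPSSODescriptor>",
    '<KeyDescriptor use="encryption"/></SPSSODescriptor>')
NO_USE = SIGNING_ONLY.replace(' use="signing"', "")


def sp_key_uses(metadata_xml):
    """Map each entityID to the key uses its SPSSODescriptor(s) advertise."""
    root = ET.fromstring(metadata_xml)
    uses_by_entity = {}
    # iter() also matches the root, so a bare EntityDescriptor and an
    # EntitiesDescriptor aggregate are both handled.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        uses = set()
        for kd in entity.findall(f"{{{MD}}}SPSSODescriptor/{{{MD}}}KeyDescriptor"):
            use = kd.get("use")
            # SAML 2.0 metadata: an omitted "use" means the key serves both purposes.
            uses |= {use} if use else {"signing", "encryption"}
        uses_by_entity[entity.get("entityID")] = uses
    return uses_by_entity


def entities_without_encryption_key(metadata_xml):
    """Entity IDs whose SP metadata gives an IdP no key to encrypt assertions to."""
    return sorted(e for e, u in sp_key_uses(metadata_xml).items() if "encryption" not in u)
```

The check only reads the `use` attributes; it does not validate the metadata signature or the certificates themselves.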