From 18504bf4d1d95faa155ddb342dececb498d7d2f4 Mon Sep 17 00:00:00 2001
From: Art Lukyanchyk <artiom.lukyanchyk@hs-hannover.de>
Date: Mon, 18 Mar 2024 16:14:10 +0100
Subject: [PATCH] allow unencrypted assertions

http is deprecated (https is not plain text) and saml2 responses are signed anyway
---
 ssoauth/app_settings/__init__.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ssoauth/app_settings/__init__.py b/ssoauth/app_settings/__init__.py
index 7381b96..301e69e 100644
--- a/ssoauth/app_settings/__init__.py
+++ b/ssoauth/app_settings/__init__.py
@@ -65,7 +65,7 @@ ONELOGIN_SETTINGS_TEMPLATE = {
         "wantAssertionsSigned": True,
         "wantNameId": False,  # set to True for SLO support (Single Log Out)
         "wantNameIdEncrypted": False,
-        "wantAssertionsEncrypted": True,
+        "wantAssertionsEncrypted": False,
         "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
         "metadataCacheDuration": "P{n}D".format(n=SP_METADATA_LIFETIME_DAYS),
         "metadataValidUntil": (datetime.now() + timedelta(days=SP_METADATA_LIFETIME_DAYS)).strftime('%Y-%m-%dT%H:%M:%S.%fZ')
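Review bot: With `"wantAssertionsEncrypted": False` in ONELOGIN_SETTINGS_TEMPLATE, confidentiality of the assertion rests on TLS alone. The signature cited in the commit message protects integrity and origin, not secrecy. Since `wantNameIdEncrypted` is already False, the SP no longer requires any part of the assertion to be encrypted, so with a front-channel binding the attribute values would be readable in the user's browser and at any TLS-terminating hop. How much that matters depends on which attributes the IdP releases, which this hunk does not show. I would record the trade-off on the line, e.g. `"wantAssertionsEncrypted": False,  # confidentiality relies on TLS only; signing does not hide attribute values`, and consider reading the value from a project setting so deployments that release sensitive attributes can keep encryption required. The dict starts and ends outside the hunk.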
-- 
GitLab