allow unencrypted assertions

http is deprecated (https is not plain text) and saml2 responses are signed anyway

ssoauth/app_settings/__init__.py

@@ -65,7 +65,7 @@ ONELOGIN_SETTINGS_TEMPLATE = {
         "wantAssertionsSigned": True,
         "wantNameId": False,  # set to True for SLO support (Single Log Out)
         "wantNameIdEncrypted": False,
-        "wantAssertionsEncrypted": True,
+        "wantAssertionsEncrypted": False,
         "signatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
         "metadataCacheDuration": "P{n}D".format(n=SP_METADATA_LIFETIME_DAYS),
         "metadataValidUntil": (datetime.now() + timedelta(days=SP_METADATA_LIFETIME_DAYS)).strftime('%Y-%m-%dT%H:%M:%S.%fZ')