IDP SAML response NameID, Assertion and Attribute encryption

We are doing a POC with ComponentSpace as an IDP. The extended configuration (partial) of one of our Service Providers:


<Attribute name="wantAttributeEncrypted">
  <Value>true</Value>
</Attribute>
<Attribute name="wantAssertionEncrypted">
  <Value>true</Value>
</Attribute>
<Attribute name="wantNameIDEncrypted">
  <Value>true</Value>
</Attribute>


I can only find the EncryptAssertion config in PartnerServiceProviderConfiguration. Is there any way to configure the Partner Service Provider with the configurations, and how can we achieve this?

We support encryption of SAML attributes and identifiers in our low-level API but we only support encryption of SAML assertions in the high-level API which includes the PartnerServiceProviderConfiguration.EncryptAssertion property.

Encrypting SAML attributes and identifiers is not recommended and very rarely done. Rather than encrypting individual identifiers or attributes, you’re much better simply encrypting the entire SAML assertion. There’s no real performance disadvantage in doing this. In fact, it’s more efficient than encrypting multiple individual identifiers and attributes.

I recommend confirming with the service provider that supporting encrypted SAML assertions is sufficient.
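
As an added illustration (not part of the original thread and not ComponentSpace code), this Python sketch reports which of the three `want*Encrypted` flags from the question a SAML response leaves unmet, judged by what is visible in cleartext in the message. It assumes a flag is met when the corresponding element is hidden inside an `EncryptedAssertion` or replaced by `EncryptedID` / `EncryptedAttribute`; a service provider may apply a stricter reading, and the sample responses are constructed.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
      f'xmlns:saml="{SAML}" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"')
# Placeholder ciphertext; a real EncryptedData also carries algorithm and key info.
ENC = ("<xenc:EncryptedData><xenc:CipherData><xenc:CipherValue>CONSTRUCTED"
       "</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData>")

# Constructed sample responses (not captured traffic).
PLAIN = f"""<samlp:Response {NS}><saml:Assertion>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
  <saml:AttributeStatement><saml:Attribute Name="role">
    <saml:AttributeValue>admin</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""
WHOLE = (f"<samlp:Response {NS}><saml:EncryptedAssertion>{ENC}"
         "</saml:EncryptedAssertion></samlp:Response>")
ID_ONLY = PLAIN.replace("<saml:NameID>alice@example.test</saml:NameID>",
                        f"<saml:EncryptedID>{ENC}</saml:EncryptedID>")

# Flag names taken from the SP extended configuration in the question.
WANTS = ("wantAttributeEncrypted", "wantAssertionEncrypted", "wantNameIDEncrypted")

def visible(response_xml):
    """Count the SAML elements that can be seen without any decryption key."""
    root = ET.fromstring(response_xml)  # use a hardened parser for untrusted input
    tags = ("Assertion", "NameID", "Attribute",
            "EncryptedAssertion", "EncryptedID", "EncryptedAttribute")
    return {t: len(root.findall(f".//{{{SAML}}}{t}")) for t in tags}

def unmet_wants(response_xml, wants=WANTS):
    """Return the want*Encrypted flags the response leaves unsatisfied."""
    seen = visible(response_xml)
    whole = seen["EncryptedAssertion"]
    met = {
        "wantAssertionEncrypted": seen["Assertion"] == 0 and whole > 0,
        "wantNameIDEncrypted": seen["NameID"] == 0
                               and whole + seen["EncryptedID"] > 0,
        "wantAttributeEncrypted": seen["Attribute"] == 0
                                  and whole + seen["EncryptedAttribute"] > 0,
    }
    return sorted(flag for flag in wants if not met[flag])

if __name__ == "__main__":
    for name, doc in (("plain", PLAIN), ("whole", WHOLE), ("id-only", ID_ONLY)):
        print(name, unmet_wants(doc))
```

With whole-assertion encryption no NameID or attribute remains readable in the message, whereas encrypting only the identifier still leaves the assertion and its attributes in cleartext.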