Hi all,
I want to include a KeyDescriptor for use=encryption in the generated
SAML2 metadata. I'm talking about the
{host}/Saml2/proxy_saml2_backend.xml endpoint.
The following config works (i.e. SATOSA happily accepts encrypted
assertions), however the metadata endpoint does *not* include
use="encryption":

    sp_config:
      key_file: /etc/satosa/credentials/saml2backend.key
      cert_file: /etc/satosa/credentials/saml2backend.crt

On the other hand, the following config does not work (i.e. SATOSA
throws an exception, once an encrypted assertion is received), however
the metadata endpoint *does* include use="encryption":

    sp_config:
      key_file: /etc/satosa/credentials/saml2backend.key
      cert_file: /etc/satosa/credentials/saml2backend.crt
      encryption_keypairs:
        - key_file: /etc/satosa/credentials/saml2backend.key
          cert_file: /etc/satosa/credentials/saml2backend.crt

I'm sure there's an easy solution. Anyone able to help?
Cheers,
David