We have an OKTA-to-OKTA setup for SP and IDP, where upon authentication no SAML assertion is seen in the response. When I click on preview assertion, everything shows fine on the OKTA IDP side, and upon authentication all the user profile attributes passed from the IDP are updated accordingly and honoured. The only issue is that we’re missing the whole Attributes section while the SAML response is signed. I can only see from the assertion sent that the assertion looks encrypted, but on the IDP side Assertion encryption is set to unencrypted. So I’m unsure why it’s only happening in the OKTA-to-OKTA setup and why encryption is enforced for the assertion even though it’s not. Please help.
This is what I can see in the Assertion:
<saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
<saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
</saml2p:Status>
<saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<xenc:EncryptedData Id="_9050441dd7312a7eaa650565e23879e5" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#aes256-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:RetrievalMethod Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey" URI="#_ade040a22c8ab6e282ee2785a65d73a8"/>
</ds:KeyInfo>
<xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">