12.5.7.8.3. Restrictions
-
This handler should be used only when configuring Identity Providers.
-
For Service Providers, the decryption of SAML Assertion is already done by the authenticators.
-
When using this handler, make sure that your service providers are also configured with the Section 12.5.7.11, “SAML2SignatureGenerationHandler” and the Section 12.5.7.12, “SAML2SignatureValidationHandler” handlers.
-
Do not use this handler with the __ Section 12.5.7.11, “SAML2SignatureGenerationHandler” _ configured in the same chain. Otherwise SAML messages will be signed several times._