How to specify SAML encryption certificate in ruby-saml?

[mikemarsian]

The gem supports adding certificate and private-key info to Service Provider's metadata, but as far as I can see, that configures only signing certificate, but not encryption one. Here's the SO question I wrote on the subject. Would appreciate any assistance.
https://stackoverflow.com/questions/61427985/how-to-specify-saml-encryption-certificate-in-ruby-saml

[sunilnk19]

If I understood correctly, You are not able to send the SAMLResponse in the encrypted form. If that is the case, when you are building the SAML response, send one more parameter

saml_response = encode_response( :encryption => encryption_opts())

def encryption_opts: 
return {
      cert: saml_request.service_provider.cert,
      block_encryption: 'aes256-cbc',
      key_transport: 'rsa-oaep-mgf1p'
    }

[mikemarsian]

Thank you for the reply, but I'm not sure I understand where would this code fit. I use saml_config_hash = OneLogin::RubySaml::IdpMetadataParser.new.parse_to_hash(idp_metadata_file) to parse the SAML metadata file provided by the identity provider, and add to the resulting hash options, such as:
saml_config_hash.merge( certificate: "--- BEGIN CERTIFICATE---...", private_key: "--- BEGIN PRIVATE KEY---" )