We have an IDP that integrates with several cloud SaaS providers. They run all types of SP software and want all kinds of different looking assertions.

In particular we now have one vendor that wants our assertions to be encrypted while others do not.

Setting <Handler class="org.picketlink.identity.federation.web.handlers.saml2.SAML2EncryptionHandler" /> and <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1" SupportsSignatures="true" Encrypt="true">
in the IDP picketlink.xml is an all or nothing change that affects all of our SP integrations.

We would like to be able to enable and disable Encryption on a per SP basis similar to how we can currently set AuthnRequestsSigned="false" WantAssertionsSigned="true" in sp-metadta.