PingFederate supports the optional SAML 2.0 specification allowing for encryption of assertions, including security token service (STS) SAML tokens, which further enhances confidentiality when required.
For SAML 2.0 single sign-on (SSO) connections, you can choose to encrypt entire assertions or individual user attributes, including the user's name identifier. You can use signature verification and signing keys to encrypt and decrypt messages, respectively.