diff --git a/configs/development.py b/configs/development.py
index b793995..b2351e4 100644
--- a/configs/development.py
+++ b/configs/development.py
@@ -138,3 +138,5 @@ SAML_ENABLED = False
 # #Configure to redirect to a different url then PowerDNS-Admin login after SAML logout
 # #for example redirect to google.com after successful saml logout
 # #SAML_LOGOUT_URL = 'https://google.com'
+
+# #SAML_ASSERTION_ENCRYPTED = True
diff --git a/configs/docker_config.py b/configs/docker_config.py
index 194da8c..91d49f5 100644
--- a/configs/docker_config.py
+++ b/configs/docker_config.py
@@ -43,6 +43,7 @@ legal_envvars = (
     'SAML_WANT_MESSAGE_SIGNED',
     'SAML_LOGOUT',
     'SAML_LOGOUT_URL',
+    'SAML_ASSERTION_ENCRYPTED',
 )
 
 legal_envvars_int = ('PORT', 'MAIL_PORT', 'SAML_METADATA_CACHE_LIFETIME')
@@ -58,6 +59,7 @@ legal_envvars_bool = (
     'SAML_SIGN_REQUEST',
     'SAML_WANT_MESSAGE_SIGNED',
     'SAML_LOGOUT',
+    'SAML_ASSERTION_ENCRYPTED',
 )
 
 # import everything from environment variables
diff --git a/powerdnsadmin/default_config.py b/powerdnsadmin/default_config.py
index b6f45ad..474d3b4 100644
--- a/powerdnsadmin/default_config.py
+++ b/powerdnsadmin/default_config.py
@@ -23,3 +23,4 @@ SQLALCHEMY_DATABASE_URI = 'mysql://'+SQLA_DB_USER+':'+SQLA_DB_PASSWORD+'@'+SQLA_
 
 # SAML Authnetication
 SAML_ENABLED = False
+SAML_ASSERTION_ENCRYPTED = True
\ No newline at end of file
diff --git a/powerdnsadmin/routes/index.py b/powerdnsadmin/routes/index.py
index 61e4bac..e9ffb85 100644
--- a/powerdnsadmin/routes/index.py
+++ b/powerdnsadmin/routes/index.py
@@ -722,6 +722,7 @@ def saml_authorized():
     req = saml.prepare_flask_request(request)
     auth = saml.init_saml_auth(req)
     auth.process_response()
+    current_app.logger.debug( auth.get_attributes() )
     errors = auth.get_errors()
     if len(errors) == 0:
         session['samlUserdata'] = auth.get_attributes()
diff --git a/powerdnsadmin/services/saml.py b/powerdnsadmin/services/saml.py
index 1114817..8fbeb1e 100644
--- a/powerdnsadmin/services/saml.py
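Review bot: `SAML_ASSERTION_ENCRYPTED = True` in powerdnsadmin/default_config.py is appended without a terminating newline (the `\ No newline at end of file` marker), which will show up as noise in the next diff that touches the file; end the file with a newline. The setting also carries no comment saying what relaxing it means, although it is the one switch in this SAML section that lowers a security requirement when flipped; a one-liner such as `# Require assertions from the IdP to be encrypted; set to False only for an IdP that cannot encrypt them` would make the trade-off visible to whoever changes it.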
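Review bot: The added `current_app.logger.debug( auth.get_attributes() )` in powerdnsadmin/routes/index.py writes the complete attribute set returned by the IdP into the application log, and those attributes are the same data stored as `session['samlUserdata']` two lines later, i.e. user identity data that then persists in log files wherever DEBUG logging is enabled. Logging only the attribute names keeps the diagnostic value without the data exposure: `current_app.logger.debug('SAML attributes received: %s', list(auth.get_attributes()))`. Moving it below the `errors` check would also avoid logging attributes from a response that is about to be rejected, and the spaces inside the parentheses are not PEP 8. saml_authorized continues outside the hunk.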
+++ b/powerdnsadmin/services/saml.py
@@ -161,7 +161,8 @@ class SAML(object):
         settings['security']['requestedAuthnContext'] = True
         settings['security'][
             'signatureAlgorithm'] = 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'
-        settings['security']['wantAssertionsEncrypted'] = True
+        settings['security']['wantAssertionsEncrypted'] = current_app.config.get(
+            'SAML_ASSERTION_ENCRYPTED', True)
         settings['security']['wantAttributeStatement'] = True
         settings['security']['wantNameId'] = True
         settings['security']['authnRequestsSigned'] = current_app.config[
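Review bot: `current_app.config.get('SAML_ASSERTION_ENCRYPTED', True)` duplicates the default that this same commit adds to powerdnsadmin/default_config.py, so the two fallbacks can silently diverge, and it is inconsistent with `authnRequestsSigned` on the next line, which reads its key with `current_app.config[...]` and fails loudly if the key is missing. Reading it the same way, `settings['security']['wantAssertionsEncrypted'] = current_app.config['SAML_ASSERTION_ENCRYPTED']`, keeps a single source of truth for the default. A short comment above the line noting that False lets the IdP deliver assertions unencrypted and should be a deliberate per-deployment choice would help the next reader, since nothing in the hunk says why the setting became configurable. The enclosing method of class SAML starts and ends outside the hunk.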