diff --git a/config/config.js b/config/config.js
index 6baed14f133dfb14b4d12f6e3739c09d9a12e6f5..191cc5a24e5d3b53ae84e328b9a926d874dc82e7 100644
--- a/config/config.js
+++ b/config/config.js
@@ -1,3 +1,4 @@
+var fs = require("fs");
 module.exports = {
 development: {
@@ -33,7 +34,9 @@ module.exports = {
 entryPoint: process.env.SAML_ENTRY_POINT || 'https://nomad-login.csc.fi/idp/profile/SAML2/Redirect/SSO',
 issuer: 'http://172.24.131.117/shibboleth',
 identifierFormat: null,
- acceptedClockSkewMs: -1
+ acceptedClockSkewMs: -1,
+ cert: fs.readFileSync('idp-signing.crt', 'utf-8'),
+ decryptionPvk: fs.readFileSync('privatekey.key', 'utf-8') //path to private key to be used to encrypt requests
 }
 },
 k8component: {
diff --git a/config/idp-signing.crt b/config/idp-signing.crt
new file mode 100644
index 0000000000000000000000000000000000000000..50a39c855cb88be893e264f4274e75086e7d8dbd
--- /dev/null
+++ b/config/idp-signing.crt
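Review bot: Both `fs.readFileSync` calls in the SAML block use bare relative paths, which Node resolves against the process working directory rather than against `config/`, where this commit places `idp-signing.crt`; unless the app is always started from inside `config/`, loading this module throws ENOENT at startup. Anchoring them, e.g. `cert: fs.readFileSync(path.join(__dirname, 'idp-signing.crt'), 'utf-8'),` with `var path = require("path");` added beside the `fs` require in the first hunk, removes that dependence. `privatekey.key` is not among the files visible in this diff, which is appropriate for a secret, but it means a fresh checkout cannot load the config; taking its location from an environment variable, as `entryPoint` already does with `SAML_ENTRY_POINT`, and keeping the file out of version control would make that explicit. The trailing comment is also misleading: `decryptionPvk` receives the key contents rather than a path, and it is used to decrypt assertions coming from the IdP, so something like `// SP private key (PEM) used to decrypt encrypted assertions` would be accurate.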
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDHzCCAgegAwIBAgIUWMwz3jCtgA6KEcPDHZ/QVdlLBgwwDQYJKoZIhvcNAQEL
+BQAwGDEWMBQGA1UEAwwNdmFncmFudC5sb2NhbDAeFw0xNTA3MDMwODA1MDJaFw0z
+NTA3MDMwODA1MDJaMBgxFjAUBgNVBAMMDXZhZ3JhbnQubG9jYWwwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCJZNvDWHgRxVViPbJW2V8BBGJ0jux9KUO9
+uWdz72tDehjaG6KZ1bK82sWc0awMivJriahgkrUWwHD8KNHxcG5n32y6S0uw/iZh
+l+lKpUFIKWSEEjbL+PQSwgqDPaG85GV1ajlwLS46dS+qY2xTeH02kXHbRePwSFHO
+qDkOQjgTVm5tUaEmS2pb8yA7urgKa5yZPL8W2QMLC6rndK5RGioXaECCb29b5EdB
+u4M/xV8MOKJrdiDrZfrNoZkoGIkPwb1Sy88s9GTV6ekxfHegg5nDEpkf0l/HFhGG
+MZZsI+r8NBczHW8e+fR5fdD2RXXR006vRGmZos64MQhdUeDDTrNPAgMBAAGjYTBf
+MB0GA1UdDgQWBBSku5lLdNwqBApbOjn9fB2G3cREaTA+BgNVHREENzA1gg12YWdy
+YW50LmxvY2FshiRodHRwczovL3ZhZ3JhbnQubG9jYWwvaWRwL3NoaWJib2xldGgw
+DQYJKoZIhvcNAQELBQADggEBAFEcbtqhmCH+vGSGOV6g6t7p1jMCkB9IB6Z6higz
+/GQ9pkcAxsjoOJoSvpQE0YHOerNfEBv/tr7FNj4DZ4ANo7lZQx1V/7hG6qebCbaZ
+cmmiYYBYqyusjeyD4qq60/BVIDq/3861OBJ418PkqIfh8WwONdDcuBAGrjxzt/GA
+Azxx4Tf5Mk46Tn0p6/l2+FRVSwukT1JyWyKlXhaNSbEUVUhKDXaMiDzbjI2FVNG4
+/PRJNGi4tfS38HY5QxQ6EQANDvVszU87vYWChkaB3LYJ01Vf7rNg+aGsZJot3/3G
+/yswfhsQrzWB/UOSiRbVyN3I30SHorH+37/02oFoAggGu4Y=
+-----END CERTIFICATE-----
diff --git a/config/passport.js b/config/passport.js
index 37891294349174a4c9dc4d72b7154db989f51867..ad29b488f73d4f59aea02b8e5a705ffa2ded02ed 100644
--- a/config/passport.js
+++ b/config/passport.js
@@ -16,7 +16,9 @@ module.exports = function (passport, config) {
 entryPoint: config.passport.saml.entryPoint,
 issuer: config.passport.saml.issuer,
 identifierFormat: config.passport.saml.identifierFormat,
- acceptedClockSkewMs: -1
+ acceptedClockSkewMs: -1,
+ decryptionPvk: config.passport.saml.decryptionPvk,
+ cert: config.passport.saml.cert
 },
 function (profile, done) {
 return done(null,
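Review bot: The certificate added here looks like a development IdP certificate rather than one for the IdP configured in `config/config.js`: the base64 of its subject and subjectAltName appears to decode to `vagrant.local` and `https://vagrant.local/idp/shibboleth`, while the default `entryPoint` is on `nomad-login.csc.fi`. Because this file is passed as `cert`, it is the trust anchor for SAML response signatures, so a mismatch would either reject every real login or, if the matching private key ships with a shared Vagrant image, accept assertions signed by anyone who has that image. It is worth confirming which IdP issued it and loading the certificate per environment instead of keeping one copy committed under `config/`.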
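Review bot: `acceptedClockSkewMs: -1` stays hard-coded in the strategy options while every neighbouring option, including the two added here, is read from `config.passport.saml`, so the value set in `config/config.js` is never consulted. In passport-saml a value of -1 turns off the NotBefore/NotOnOrAfter condition checks altogether, which means that even with signature verification now enabled through `cert`, a captured assertion remains acceptable after its validity window has passed. I would read it from config, `acceptedClockSkewMs: config.passport.saml.acceptedClockSkewMs,`, and set a small positive tolerance there instead of -1. The options object and the verify callback both extend beyond this hunk.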