Using the generated keys

Add this to index.js

// File-system module, used once at startup to load the generated key pair.
const fs = require("fs");

// cert.pem is the public half and is safe to publish in the SP metadata.
const PbK = fs.readFileSync(`${__dirname}/certs/cert.pem`, "utf8");
// key.pem is the private half: keep it out of version control and readable
// only by the account that runs this server.
const PvK = fs.readFileSync(`${__dirname}/certs/key.pem`, "utf8");

Add the following key-value pair to the options object passed to the SAML strategy. It supplies the private key that the strategy uses to decrypt encrypted assertions:

// PEM private key (read from key.pem) that passport-saml uses to decrypt
// encrypted assertions. Decryption gives confidentiality only; it does not
// verify who signed the response.
decryptionPvk: PvK,

Add the public key to your metadata by passing it as an argument to the generateServiceProviderMetadata function (pass the certificate, PbK, never the private key PvK):

// Serve this service provider's SAML metadata as XML. Passing the certificate
// (PbK) makes the generated document advertise it for encryption; the private
// key must never be passed here, because the response is public.
app.get("/jhu/metadata", (req, res) => {
  res
    .type("application/xml")
    .status(200)
    .send(samlStrategy.generateServiceProviderMetadata(PbK));
});

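Now run the server and head over to http://localhost:7000/jhu/metadata. Notice the <KeyDescriptor use="encryption"> element that has been added to the metadata XML; it carries the certificate the identity provider will use to encrypt assertions for this service provider.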

Diff
diff --git a/code/index.js b/code/index.js
index 8e59655..468616d 100644
--- a/code/index.js
+++ b/code/index.js
@@ -1,6 +1,10 @@
 const express = require("express");
 const passport = require("passport");
 const saml = require("passport-saml");
+const fs = require("fs");
+
+const PbK = fs.readFileSync(__dirname + "/certs/cert.pem", "utf8");
+const PvK = fs.readFileSync(__dirname + "/certs/key.pem", "utf8");
 
 const JHU_SSO_URL = "https://idp.jh.edu/idp/profile/SAML2/Redirect/SSO";
 const SP_NAME = "glacial-plateau-47269";
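Review bot: The private key is read from `certs/key.pem` inside the application's own source directory, and nothing in this hunk shows that the directory is excluded from version control or from build and deployment artifacts. Consider taking the location from configuration instead, for example `const PvK = fs.readFileSync(process.env.SAML_KEY_PATH, "utf8");` (the variable name is a placeholder), and restricting the file's permissions to the account that runs the server. Both reads are synchronous and unguarded, so a missing or unreadable file stops the process at startup; that fail-closed behaviour is reasonable, but a comment saying it is intentional would help.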
@@ -13,6 +17,7 @@ const samlStrategy = new saml.Strategy(
     entryPoint: JHU_SSO_URL,
     issuer: SP_NAME,
     callbackUrl: `${BASE_URL}/jhu/login/callback`,
+    decryptionPvk: PvK,
   },
   (profile, done) => {
     return done(null, profile);
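Review bot: `decryptionPvk` only lets the strategy decrypt assertions; it does not authenticate them, and the options visible in this hunk (`entryPoint`, `issuer`, `callbackUrl`) include no `cert` entry for the identity provider's signing certificate. The options object starts above the hunk, so it may already be set there, but if it is not, add it next to the new line, e.g. `cert: IDP_SIGNING_CERT,` (placeholder name), so that response signatures are verified. As far as this hunk shows, the verify callback passes `profile` through unchanged, so signature validation by the library would be the only check on the asserted identity.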
@@ -59,7 +64,7 @@ app.post(
 app.get("/jhu/metadata", (req, res) => {
   res.type("application/xml");
   res.status(200);
-  res.send(samlStrategy.generateServiceProviderMetadata());
+  res.send(samlStrategy.generateServiceProviderMetadata(PbK));
 });
 
 // Start the server.
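Review bot: The argument added on the `res.send(...)` line ends up in a document served to anyone who requests `/jhu/metadata`, so it deserves a comment stating that it must be the certificate and never the key, e.g. `// Publish the SP encryption certificate only; PvK must never be passed here.` With names as close as `PbK` and `PvK`, a one-character slip would hand the private key to the metadata generator. Renaming them to something like `spCert` and `spPrivateKey` would make that mistake easier to catch in review; `PbK` is also inaccurate, since `cert.pem` holds a certificate rather than a bare public key.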