Added a decrypt flag so a proxy can choose not to decrypt an encrypted assertion.
Fix so an signature on a response is always validated. Moved back to original solution. The only use case where the signature should be validated is if the proxy is transparent and the signature is designated for the Service Provider. This use case is no longer valid and if it is to be used a new flag must be created, like never_validate_signature. The default value of never_validate_signature is False.
c4c5c224d4