Glance requires all SAML transactions to take place over TLS-secured (https) connections.
All identity providers cryptographically sign their transactions. The Metadata Discovery Endpoint you provide to Glance specifies the public key necessary for Glance to verify those signatures. Glance supports signatures using the SHA-512, SHA-384, SHA-256, or SHA-1 algorithms. You may choose the algorithm you prefer from among those choices. The identity provider may cryptographically sign the document at either the Reply or Assertion level; Glance accepts either.
Some identity providers also encrypt their transactions. If your identity provider requires encrypted transactions, Glance must provide a public key to you for that purpose.