Description
When the "encryptIssuedToken" boolean is set on the TokenIssueOperation in the STS, an exception is thrown if a public key is not found to encrypt the token. It first checks for a token per service (via the AppliesTo address), and then falls back to the generic setting on the STS.
This improvement only encrypts the token if a matching key can be found. In other words, so long as the STS is not configured with a generic encryption name.