We already have
LPS-88923 support for encrypted assertions, meaning attributes will also be encrypted. But there are some enterprise scenarios when attributes should be encrypted separately from the assertion.
For example when Liferay is acting as SP for user authentication, and consumes web services from other backend systems that require those attributes. It might be desirable for the IDP to encrypt those attributes using the public keys of those other backend systems, so Liferay is unable to read them and simply acts as a proxy.