We are using low level ComponentSpace SAML 2.0 implementation, when trying to read the encrypted assertions, while passing the x509 certificate file, ComponentSpace can only Decrypt when Private Key is present in the file.
In many cases the SAML SSO Idp do not include the private key in the cert file, is there any other way to decrypt the assertions?
XmlElement decryptedElement = encryptedAssertion.DecryptToXml(x509Certificate);
The identity provider encrypts a SAML assertion using the service provider's public key. The service provider decrypts the encrypted assertion using the service provider's private key. The SAML assertion should never be encrypted using the identity provider's public key. You should never need the private key of a 3rd party and you should never supply your private key to a 3rd party. You only ever exchange public keys.
You should supply your public key (eg sp.cer file) to the identity provider.
You should decrypt the SAML assertion using your private key (eg sp.pfx).
