This handler should be used only when configuring Identity Providers.

For Service Providers, the decryption of SAML Assertion is already done by the authenticators.

When using this handler, make sure that your service providers are also configured with the Section 12.5.7.11, “SAML2SignatureGenerationHandler” and the Section 12.5.7.12, “SAML2SignatureValidationHandler” handlers.

Do not use this handler with the __ Section 12.5.7.11, “SAML2SignatureGenerationHandler” _ configured in the same chain. Otherwise SAML messages will be signed several times._