For one partnership, encrypted assertions fail to decrypt, either intermittently or consistently, and the following errors appear in the SM trace log:
[Saml2Validator.java][ERROR][sm-FedServer-01030] Exception has occurred, in decryptAssertionInResponse: com.netegrity.SAML2Security.SAML2EncryptDecryptException: Error in SAML2EncryptDecrypt decrypt - failed to decrypt Assertion. encrypt: Error decrypting XML Document. Exception: Error setting private key. Incorrect private key may have been used for decryption.java.security.InvalidKeyException: unwrapping failed
...
Caused by: org.bouncycastle.crypto.InvalidWrappingException: Unable to unwrap key: input too large for RSA cipher.
...
Caused by: org.bouncycastle.crypto.internal.DataLengthException: input too large for RSA cipher.
...
Caused by: com.netegrity.smkeydatabase.api.XMLDocumentOpsException: encrypt: Error decrypting XML Document. Exception: Error setting private key. Incorrect private key may have been used for decryption.java.security.InvalidKeyException: unwrapping failed
Review the SM trace logs for the following error:
[Saml2Validator.java][decryptAssertionInResponse][Encrypted assertion received but no decryption alias configured]
This error indicates that the decryption private key alias is not configured in the environment for this partnership.
Check that the decryption certificate is configured for this partnership.
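
A complementary check for the "input too large for RSA cipher" trace above, added here as an example and not taken from the original article or the product: it reads the RSA-wrapped session key from a captured encrypted assertion and compares its length with the modulus size of the private key configured for decryption, since a wrapped key longer than that modulus cannot be unwrapped. The function names, the sample document and the key sizes are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET  # stdlib parser; prefer defusedxml for untrusted captures

NS = {"xenc": "http://www.w3.org/2001/04/xmlenc#"}
WRAPPED_KEY_PATH = ".//xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue"


def wrapped_key_lengths(xml_text):
    """Return the byte length of every wrapped session key in the document."""
    root = ET.fromstring(xml_text)
    lengths = []
    for node in root.iterfind(WRAPPED_KEY_PATH, NS):
        b64 = "".join((node.text or "").split())  # drop line wrapping
        lengths.append(len(base64.b64decode(b64, validate=True)))
    return lengths


def check_against_key(xml_text, private_key_bits):
    """Compare each wrapped key with the modulus size of the configured key.

    RSA ciphertext is as long as the modulus of the key that produced it, so
    any other length means the partner encrypted to a different certificate.
    """
    modulus_bytes = (private_key_bits + 7) // 8
    results = []
    for n in wrapped_key_lengths(xml_text):
        if n > modulus_bytes:
            verdict = "too-large"      # matches "input too large for RSA cipher"
        elif n < modulus_bytes:
            verdict = "size-mismatch"  # encrypted to a smaller key
        else:
            verdict = "size-ok"        # same size only; key may still differ
        results.append((n, verdict))
    return results


def sample_encrypted_assertion(wrapped_len):
    """Constructed sample: an EncryptedAssertion with a dummy wrapped key."""
    blob = base64.b64encode(b"\x01" * wrapped_len).decode()
    return (
        '<saml:EncryptedAssertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        "<xenc:EncryptedData><ds:KeyInfo><xenc:EncryptedKey>"
        "<xenc:CipherData><xenc:CipherValue>" + blob + "</xenc:CipherValue></xenc:CipherData>"
        "</xenc:EncryptedKey></ds:KeyInfo>"
        "<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>"
        "</xenc:EncryptedData></saml:EncryptedAssertion>"
    )


if __name__ == "__main__":
    # A key wrapped to a 4096-bit certificate checked against a 2048-bit private key.
    print(check_against_key(sample_encrypted_assertion(512), 2048))
```

A "size-ok" result only rules out a key-size mismatch; confirming that the partner encrypts to the right certificate still requires comparing the certificate they hold with the one behind the configured alias.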