SAML encrypted assertion problem



I’m trying to set up SAML with opendistro but it seems there is a problem with encrypted assertions.

At the moment, I am correctly redirected to my IdP, I enter my credentials, and I’m correctly redirected to Kibana.

But then, I’m getting a “SAML authentication error. The SAML authentication failed. Please contact your administrator.” Error.

Looking into the logs I have this :

[2019-04-26T14:10:02,782][ERROR][c.a.d.a.h.s.AuthTokenProcessorHandler] [elastic] Error while converting SAML to JWT
com.onelogin.saml2.exception.SettingsException: No private key available for decrypt, check settings
at com.onelogin.saml2.authn.SamlResponse.decryptAssertion( ~[java-saml-core-2.3.0.jar:?]
at com.onelogin.saml2.authn.SamlResponse.loadXmlFromBase64( ~[java-saml-core-2.3.0.jar:?]
at [opendistro_security_advanced_modules-]
at [opendistro_security_advanced_modules-]
at$000( [opendistro_security_advanced_modules-]
at$ [opendistro_security_advanced_modules-]
at$ [opendistro_security_advanced_modules-]
at Method) [?:?]

It fails in decryptAssertion, which means that encrypted assertions are detected.
However I do not see any option in opendistro security to enable/disable assertion encryption, and I do not see any key passed to onelogin to decrypt this assertion.

Am I missing something ?

I tried to google it without luck