And yes, it's a fallback: if you receive an encrypted assertion, the default behavior tries to decrypt with the keys that are valid for the specified algorithm. I don't think it's very common, but the same provider can even handle different algs/keys.

Author mfredenhagen commented Sep 12...