From the log it looks like that there is something going wrong in the decryption of the message. I would advise to use SAML tracer (a Firefox plugin) to see all the SAML messages. It might give you a clue why it can not decrypt the messages. Another option would be to use Wireshark but that gets very technical.
Regards,
Ronald
Hi Theo,
It seems like the configuration has not been set correctly. In the SAML module, there is a the SAMLConfiguration_Overview snippet. When you navigate there on your application, you see the specific request that the user has sent. It is easier to debug from that information there.
You can send your request to your IdP and discuss with them what certificate they've been set to receive.
I had this before when the encryption from the IDP and SP side where not aligned. For me both had to be configured useing SHA256.