SamlResponse Signed & Encrypted

Using .NET Library (System.IdentityProvider), Saml2SecurityToken is created after decrypting Saml2Assertion which has a two properties “ExternalEncryptedKey” and “EncryptingCredentials”. It fails while writing / serializing assertion in string and throwing “saml2assertion cannot specify externalencryptedkeys unless encryptingcredentials are also specified”. Any answer on this would really help. are we missing any configuration in idp or sp?