Signed & Encrypted Saml2Response

A Saml2SecurityToken gets created using the .NET library (System.IdentityModel) after decrypting the Saml2Assertion, which has two properties, “ExternalEncryptedKey” and “EncryptingCredentials”. These get populated, which leads to a failure when the Saml2SecurityToken is being serialized into a string, stating that “saml2assertion cannot specify externalencryptedkeys unless encryptingcredentials are also specified”, meaning that if “EncryptingCredentials” exist then “ExternalEncryptedKey” should be empty. Are there any settings in the IdP which stop it sending “ExternalEncryptedKey” in the SAML response? Any other resolution would really help.

Thanks,
Nikhil