It looks like there’s an issue loading the PFX file used to decrypt the SAML assertion. We use the X509Certificate2 class to load PFX files.
Please take a look at:
Make sure the file permissions are set correctly. The account under which the application runs must have read access to the PFX file and create permission for the private key container folder.
If running under IIS, check that Load User Profile is set to true for the application pool under which your application is running.
If there’s still an issue, please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.