Describe the bug

In the new version 5.6.1, the OpenSamlAuthenticationProvider class has been changed. I see that you added a condition:

if (responseSigned) { this.responseElementsDecrypter.accept(responseToken); }

This condition prohibits decryption of the content if the signature is missing. Previous versions of the library did not have this condition. Where did it come from? I looked in the spec and didn't find anything like that. Moreover, the signature can be found inside the encrypted content. Why do you need another one outside?

Comment From: eleftherias

Thanks for reaching out @fink-artem. This check was added as part of #9044. I believe this discussion on that same issue will answer your question.