Omni Auth IDP Initiated SSO with encrypted assertion

Really two questions in one.
How do you setup IDP Initiated SSO?
All the documentation is for SP Initiated SSO.

How do you setup encrypted idp assertions?
My IDP requires encrypted assertions. I’ve created a key pair and given them the public key. How do I configure gitlab to use private key for assertions?

One more thing. Currently this is behind an nginx instance for SSL termination.