Quick update here for others who found this post through searching that are using SAML with signing + encryption seeing the error message of:
err=error validating response: unable to decrypt encrypted assertion: cannot decrypt, error retrieving private key: decryption tls.Certificate has no public certs attached
It appears (possibly recently with the release of v5.29.1 on 2020.12.03) that Server is now validating the certificate defined in the config under SamlSettings.PublicCertificateFile actually matches against the private key in SamlSettings.PrivateKeyFile, whereas it previously may have functioned with a mismatched modulus between the two.
Troubleshooting wise, double check the certificate and key have the same modulus with:
openssl rsa -noout -modulus -in saml-private.key | openssl md5
openssl x509 -noout -modulus -in saml-public.crt | openssl md5