When using RHSSO as an identity broker, how can it be configured to receive encrypted identity tokens?

    I am trying to configure RHSSO as an Identity Broker between an OIDC Provider and another application. I was able to achieve successful user login when the ID Tokens were not encrypted.

    I am trying to configure RHSSO to be able to accept encrypted ID Tokens. But when setting up an OIDC identity provider in Keycloak under "Identity Providers", there was no option to explicitly indicate that the ID Tokens would be encrypted, nor was there any option to indicate what key to use for decryption.

    I have tried adding a self-generated RSA key to "Realm Settings > Keys", and provided the Public Key to the OIDC provider to use for encryption. In the JWE representation of the encrypted ID Token, the JOSE header contains "RSA-OAEP-256" in the "alg", and "A256CBC-HS512" in the "enc". However, with encryption enabled, RHSSO now throws the following exception when I try to log in from the OIDC Provider:

    ERROR [org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider] (default task-94) Failed to make identity provider oauth callback: org.keycloak.broker.provider.IdentityBrokerException: Invalid token

    Is there anything which I may have misconfigured?

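One diagnostic step for the symptom above, as an added example that is not from the post or from Keycloak/RHSSO: decode the encrypted ID token's JOSE header and check the structural properties any recipient needs before it can decrypt (the alg and enc the post names, a kid that appears in the realm's key list, and the IV and tag sizes that A256CBC-HS512 fixes). The realm key IDs and the sample token are constructed.

```python
import base64
import json

# alg/enc values the post reports in the JOSE header of the encrypted ID token.
EXPECTED_ALG = "RSA-OAEP-256"
EXPECTED_ENC = "A256CBC-HS512"
# Sizes fixed by RFC 7518 for A256CBC-HS512: 128-bit IV, HMAC-SHA-512 tag truncated to 256 bits.
IV_LEN, TAG_LEN = 16, 32

def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used by JOSE."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def inspect_jwe(token: str, realm_kids: list) -> dict:
    """Split a JWE compact serialization (RFC 7516: header.key.iv.ciphertext.tag)
    and report what must line up before any recipient can decrypt it."""
    parts = token.split(".")
    if len(parts) != 5:
        return {"ok": False, "problems": [f"expected 5 segments, got {len(parts)}"]}
    header = json.loads(b64url_decode(parts[0]))
    iv, tag = b64url_decode(parts[2]), b64url_decode(parts[4])
    problems = []
    if header.get("alg") != EXPECTED_ALG:
        problems.append(f"alg={header.get('alg')!r}, expected {EXPECTED_ALG}")
    if header.get("enc") != EXPECTED_ENC:
        problems.append(f"enc={header.get('enc')!r}, expected {EXPECTED_ENC}")
    kid = header.get("kid")
    if kid is None:
        problems.append("no kid in header, so the recipient cannot select a key by id")
    elif kid not in realm_kids:
        problems.append(f"kid {kid!r} matches none of the realm keys {realm_kids}")
    if len(iv) != IV_LEN:
        problems.append(f"IV is {len(iv)} bytes, {EXPECTED_ENC} needs {IV_LEN}")
    if len(tag) != TAG_LEN:
        problems.append(f"tag is {len(tag)} bytes, {EXPECTED_ENC} needs {TAG_LEN}")
    return {"ok": not problems, "header": header, "problems": problems}

def make_sample_jwe(header: dict) -> str:
    """Constructed sample token: a real header over placeholder bytes for the
    encrypted key (2048-bit RSA => 256 bytes), IV, ciphertext and tag."""
    body = json.dumps(header, separators=(",", ":")).encode()
    segs = [body, b"\x00" * 256, b"\x00" * IV_LEN, b"\x00" * 48, b"\x00" * TAG_LEN]
    return ".".join(b64url_encode(s) for s in segs)

if __name__ == "__main__":  # constructed kid and realm key list, not values from the post
    tok = make_sample_jwe({"alg": EXPECTED_ALG, "enc": EXPECTED_ENC, "kid": "rsa-enc-example"})
    print(inspect_jwe(tok, ["some-other-key"])["problems"])
```

Run it against a real token captured from the broker's callback to see which of the checks fails; the kid in the header should name the key that was added under Realm Settings > Keys.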