SAMLp configuration documentation looks as follows:

Configure strategy for ADFS (SAMLp)
This example utilizes a strategy using SAMLp and RP token encryption.

passport.use('wsfed-saml2', new wsfedsaml2({
// ADFS RP identifier
realm: 'urn:node:samlapp',
identityProviderUrl: 'https://my-adfs/adfs/ls',
// ADFS token signing certificate
thumbprint: '5D27...D27E',
// or options.cert: fs.readFileSync("adfs_signing_key.cer")
protocol: "samlp",
// This is the private key (use case where ADFS
// is configured for RP token encryption)
decryptionKey: fs.readFileSync("server.key")
}, function (profile, done) {
// ...
}));

However in this case options.cert is wrong. It should be just cert because options object is the argument of wsfedsaml2 function.

Fixed by #95. Thanks!