Unless you explicitly turn off signature verification through the SAML configuration, we expect either the SAML response or SAML assertion to be signed and for that signature to verify.
If the SAML assertion signature block was removed this would invalidate the SAML response signature, if any.
Please enable SAML trace and send the generated log file as an email attachment to support@componentspace.com.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
Thanks for the update.
These flags are defined in our Configuration Guide.
WantAssertionOrResponseSigned requires either the SAML assertion or SAML response to be signed and successfully verified. If neither is signed or verifies we throw an exception. This flag defaults to true as this is the most common use case.
However, if required you can explicitly specify you want the SAML response or SAML assertion signed using the WantSAMLResponseSIgned and WantAssertionSigned flags.