The identity provider is returning a SAML response with an error status which appears to be indicating it requires the SAML authn request to be signed.
In your service provider’s saml.config, set the SignAuthnRequest flag to true for the <PartnerIdentityProvider> entry. This requires you to have configured a local certificate under your <ServiceProvider> entry.
If there’s still an issue, please enable SAML trace and send us the generated log file as an email attachment.