...
TheĀ signResponses
default varies by profile, see the notes on the individual profile pages.
If you need to enable theĀ signAssertions
option, and you control the SP's metadata, you should generally add the WantAssertionsSigned
flag to it in place of using this option. Related, the idp.saml.honorWantAssertionsSigned property can be turned off to globally ignore that flag in metadata should you wish to do so.