...
Compliance testing, as part of a broader compliance review, is likely to be included in the contractual arrangements between the client institution and the SP, possibly within the Service Level Agreements (SLAs) between the client institution and the SP.
OMG: https://www.google.com/search?client=firefox-b-d&q=turn+off+saml+signature+validation#ip=1
“A Signature element in AuthnRequest elements is optional. If Require Verification certificates is not checked, Microsoft Entra ID does not validate signed authentication requests if a signature is present”
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/howto-enforce-signed-saml-authentication