It seems that SPPostSignatureFormAuthenticator Valve is not checking signatures of SAML Assertions returned by the IDP because the value of the validateSignature property is always false. During the Valve startup only the supportSignatures is set to true.
Is there some other way for enable signature validation by this Valve ?
Here is a patch that I used to overcome this problem. Is this patch really needed ?