Yes, I know but I shared with you documentation that explains that the signature is not enveloped in the message in this case. So the signature is calculated and becomes part of the URL. If you look at this in the logs then you might look at a point where we just print out the AuthNRequest, this is no indication that it is not signed. I think we can move forward with this at this point.
No, it's not. Please read section 3.4.1 in https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf . The ProtocolBinding you see there doesn't dictate that this request is using that binding, but instructs the IDP that the response should use that binding.
Understood, but I have already shared with you the answer for that part: