Specify how message authenticity and integrity is ensured:

Use SAML-standard signature requirements

Specify additional signature requirements

Sign AuthN requests sent over POST and Redirect bindings

Require signed SAML Assertions (rather than signed Responses — Assertions are contained inside SAML Responses)

Always Sign Artifact Response