user3770935

Reputation: 318

SAML response signature missing

I am trying to implement SAML2 SSO and I am getting the error saml2.sigver.SignatureError: Signature missing for response. I am using djangosaml2, which in turn uses pysaml2. It seems to hit an issue when looking for the signature: https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/sigver.py#L1648

It looks like it is trying to find the signature in the Response attributes; however, my IDP returns no signature in the Response attributes. The signature can be found in the response as its own element, ns2:Signature.

Should I be asking my IDP to provide me a different response, or am I missing a configuration option on my side?

Login process started
Trying binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST for IDP None
Redirecting user to the IdP via urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST binding.
Saving the session_id in the OutstandingQueries cache
Invalid or malformed SAML Assertion.
Traceback (most recent call last):
  File "/usr/local/lib/python3.4/dist-packages/djangosaml2/views.py", line 271, in assertion_consumer_service
    response = client.parse_authn_request_response(xmlstr, BINDING_HTTP_POST, outstanding_queries)
  File "/usr/local/lib/python3.4/dist-packages/saml2/client_base.py", line 712, in parse_authn_request_response
    binding, **kwargs)
  File "/usr/local/lib/python3.4/dist-packages/saml2/entity.py", line 1150, in _parse_response
    response = response.loads(xmlstr, False, origxml=xmlstr)
  File "/usr/local/lib/python3.4/dist-packages/saml2/response.py", line 520, in loads
    self._loads(xmldata, decode, origxml)
  File "/usr/local/lib/python3.4/dist-packages/saml2/response.py", line 342, in _loads
    **args)
  File "/usr/local/lib/python3.4/dist-packages/saml2/sigver.py", line 1648, in correctly_signed_response
    raise SignatureError('Signature missing for response')
saml2.sigver.SignatureError: Signature missing for response

SAML Response:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Destination="..." ID="..." InResponseTo="..." IssueInstant="2018-12-07T10:31:48Z" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">...</saml:Issuer>
    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
    </samlp:Status>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="..." IssueInstant="2018-12-07T10:31:48Z" Version="2.0">
        <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">...</saml:Issuer>
        <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
            <dsig:SignedInfo>
                <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <dsig:Reference URI="...">
                    <dsig:Transforms>
                        <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        <dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
                    </dsig:Transforms>
                    <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                    <dsig:DigestValue>...</dsig:DigestValue>
                </dsig:Reference>
            </dsig:SignedInfo>
            <dsig:SignatureValue>...</dsig:SignatureValue>
            <dsig:KeyInfo>
                <dsig:X509Data>
                    <dsig:X509Certificate>...</dsig:X509Certificate>
                </dsig:X509Data>
            </dsig:KeyInfo>
        </dsig:Signature>
        ...
        ...
    </saml:Assertion>
</samlp:Response>

Upvotes: 4

Views: 6672

Answers (1)

user3770935

Reputation: 318

Following the comment by Bernhard, I needed to set "want_response_signed": False

SAML_CONFIG = {
    'service': {
            'sp': {
                 "want_response_signed": False
...

Upvotes: 5
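The accepted fix is correct for this IdP because the posted Response is not signed at the Response level but the Assertion is (the ds:Signature sits directly under saml:Assertion with an enveloped-signature transform). Relaxing want_response_signed is only safe while want_assertions_signed stays True, otherwise the SP would accept a message nothing has signed. The script below is an added example, not code from the question, the answer or pysaml2: it parses a constructed Response modelled on the one in the question (IDs, issuer, digest and signature values are placeholders), reports which element carries a direct Signature, checks that each enveloped signature's Reference URI points at the ID of the element it is embedded in, lists the signature and digest algorithms (the posted response uses rsa-sha1 and sha1), and derives the matching pysaml2 sp flags, refusing to produce a configuration in which both are False. It only inspects structure; cryptographic verification stays with pysaml2 and xmlsec.

```python
"""Diagnose where an IdP's SAML Response is signed and derive matching pysaml2 SP flags.

Added example, not part of the question or answer and not pysaml2's own code.
It only inspects structure; cryptographic verification stays with pysaml2/xmlsec.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample modelled on the response in the question (IDs, issuer and
# digest/signature values are placeholders): the Assertion carries an enveloped
# signature, the Response element itself does not.
_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_resp1" Version="2.0" IssueInstant="2018-12-07T10:31:48Z">
  <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://idp.example.test</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      ID="_a1" Version="2.0" IssueInstant="2018-12-07T10:31:48Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>{signature}
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

_ASSERTION_SIGNATURE = """
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
        <ds:Reference URI="#_a1">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
          <ds:DigestValue>cGxhY2Vob2xkZXI=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>cGxhY2Vob2xkZXI=</ds:SignatureValue>
    </ds:Signature>"""

SAMPLE_RESPONSE = _TEMPLATE.format(signature=_ASSERTION_SIGNATURE)
UNSIGNED_RESPONSE = _TEMPLATE.format(signature="")  # constructed: nothing signed at all


def _direct_signature(elem):
    """Return the ds:Signature that is a direct child of elem, or None.

    Only a direct child counts: a Signature nested deeper signs something else.
    """
    return elem.find("ds:Signature", NS)


def inspect_response(xml_text):
    """Report which elements carry a direct signature, whether each signature's
    Reference points at its own parent, and which SHA-1 based algorithms are used."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response: %s" % root.tag)

    assertions = root.findall("saml:Assertion", NS)
    signed_pairs = [(e, _direct_signature(e)) for e in [root] + assertions
                    if _direct_signature(e) is not None]

    # An enveloped signature must reference the ID of the element it is embedded
    # in; a Reference to anything else does not protect that element.
    reference_ok = all(
        ref is not None and ref.get("URI") == "#" + (elem.get("ID") or "")
        for elem, sig in signed_pairs
        for ref in [sig.find("ds:SignedInfo/ds:Reference", NS)]
    )

    algorithms = []
    for _, sig in signed_pairs:
        for path in ("ds:SignedInfo/ds:SignatureMethod",
                     "ds:SignedInfo/ds:Reference/ds:DigestMethod"):
            node = sig.find(path, NS)
            if node is not None:
                algorithms.append(node.get("Algorithm", ""))

    return {
        "response_signed": _direct_signature(root) is not None,
        "assertion_signed": bool(assertions)
        and all(_direct_signature(a) is not None for a in assertions),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "reference_ok": reference_ok,
        "weak_algorithms": sorted({a for a in algorithms if a.endswith("sha1")}),
    }


def sp_signature_config(report):
    """Derive the pysaml2 'sp' signing flags that match what the IdP signs.

    Never relax both flags: that would make the SP accept an unsigned message.
    """
    if not (report["response_signed"] or report["assertion_signed"]):
        raise ValueError("neither Response nor Assertion is signed; do not relax the SP config")
    if not report["reference_ok"]:
        raise ValueError("a Signature does not reference its own parent element")
    return {
        "want_response_signed": report["response_signed"],
        "want_assertions_signed": report["assertion_signed"],
    }


if __name__ == "__main__":
    report = inspect_response(SAMPLE_RESPONSE)
    print(report)
    print({"service": {"sp": sp_signature_config(report)}})
```

Run it against the base64-decoded SAMLResponse you captured at the ACS: for the response in the question it yields want_response_signed False and want_assertions_signed True, which is the combination to put under service/sp in SAML_CONFIG. If the IdP encrypts the assertion, the signature is inside the encrypted content and this structural check cannot see it; in that case rely on pysaml2's own verification after decryption. The rsa-sha1 and sha1 algorithms the posted response uses are deprecated for XML signatures, and recent xmlsec builds reject SHA-1 by default, so it is worth asking the IdP for SHA-256 while you are already discussing the response format with them.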
