Incorrect HTTP Redirect binding signature

[Prusias]

The signature of the HTTP Redirect binding appears to be incorrect since this commit: 7b785a8#diff-6a2c4640d940f28e0b49947ffbafd6d2726f92c9fba5fdad8202234083daff57

The signature is now set to the value of signature in the AuthnRequest, but (please correct me if I'm wrong) the signature should be based on the combined query parameters (As it was before the above commit)

[tvdijen]

You are absolutely right that the signature should be calculated over the message + some (not all) parameters. There is also more wrong about this code, because we're actually not signing anything..