Nextcloud 11 user_saml "Reference validation failed"

Hi,
after upgrade from Nextcloud 10.0.0 to Nextcloud 11.0.2 the Login via SAML Authentication does not work anymore.
I get this failure: “Reference validation failed, invalid_response, Not authenticated”
In the user_saml ChangeLog I have found the hint, that there are some new security features implemented - like “Assertion Validation”.
I have noticed that the “public function validateDigest” (nextcloud/apps/user_saml/3rdparty/vendor/onelogin/php-saml/extlib/xmlseclibs/xmlseclibs.php) return “False” when the assertion part get checkt by this function.

There are two queries like: “$query = ‘string(./secdsig:DigestMethod/@Algorithm)’” and “$query = ‘string(./secdsig:DigestMethod/@Algorithm)’;” But in my assertion there are no <ds:DigestMethod Algorithm> and ds:DigestValue sections.

Could this be the failure?

user_saml config:
“user_saml”: {
“installed_version”: “1.2.2”,
“types”: “authentication”,
“enabled”: “yes”,
“general-uid_mapping”: “urn:oid:0.9.2342.19200300.100.1.3”,
“general-require_provisioned_account”: “1”,
“sp-x509cert”: “-----BEGIN CERTIFICATE-----[REMOVED]-----END CERTIFICATE-----”,
“sp-privateKey”: “-----BEGIN PRIVATE KEY-----[REMOVED]-----END PRIVATE KEY-----”,
“idp-entityId”: “https://[REMOVED]/IDP.xml”,
“idp-singleSignOnService.url”: “https://[REMOVED]/affwebservices/public/saml2sso”,
“idp-singleLogoutService.url”: “https://[REMOVED]/affwebservices/public/saml2slo”,
“idp-x509cert”: “-----BEGIN CERTIFICATE-----[REMOVED]-----END CERTIFICATE-----”,
“security-authnRequestsSigned”: “1”,
“security-logoutRequestSigned”: “1”,
“security-logoutResponseSigned”: “1”,
“security-wantMessagesSigned”: “1”,
“security-wantAssertionsSigned”: “1”,
“security-wantAssertionsEncrypted”: “1”,
“general-use_saml_auth_for_desktop”: “1”,
“type”: “saml”,
“security-lowercaseUrlencoding”: “0”
},

Assertion:

assertion.JPG1269×414 78.1 KB

THX br, max

Now I have disabled the option for the requirement of assertion be signed [so it works for me]:

bla.JPG916×182 25.6 KB