I could not reproduce this issue. However, what you said is what is happening behind the scenes.

I'm using a SP with REDIRECT and the AuthnRequest is being sent accordingly. The ProtocolBinding is POST in this case.

But the IdP is properly validating the signatures, because the SAML message itself, in this case a Response, is signed.

Can you please share your configuration and version you are using ?

Regards.