Discuss this help topic in SecureBlackbox Forum
Sign assertions included into IdP responses
You need to set TElSAMLIdentityProvider.SignAssertions property to 'true'. Also TElSAMLIdentityProvider.SigningCertificate property must be initialized with a certificate to be used for signing. The certificate must have an associated private key in it (TElX509Certificate.PrivateKeyExists property must be true).