Signing requests is an advanced topic. It's actually optional in SAML (while IDP responses must be signed). What's the security requirement for signing requests? What happens if you get a bad request? Does it really matter? See if you can push back on your IDP...
Short of that, we'd have to assign a developer for this question, which is not something we do unless a customer has commercial support. If this seems very likely, let me know and I'll see what we can do. But it's a very busy time right now--we are about to release 3.0 and everyone is assigned multiple issues.