If enabled, the signing certificate used by identity provider and service provider will be validated against the trusted CA list. If the certificate is not validated and accepted, it will stop and return a validation error without doing further XML signature validation.