The SAML2 Service is not documented fully in the Administration Guide.
These flags in particular were observed to be not present or searchable in our documentation, meaning that legacy documentation had to be consulted.
XML Signing Certificate Validation
CA Certificate Validation
It would be useful to have a link from these to the IDP/SP settings saying what they mean when used together.