Using version 0.17.1 which depends on pysaml 4.5.0, what doesnt have the vulnerability. Add an option to saml sp, to not require signed response.