Match WantAuthnRequestsSigned to 'sign.authnrequest' option instead of 'redirect.sign' when parsing IdP metadata.