Is it possible for signature to be null or empty after HTTPRedirectBinding.ReceiveRequest call?
If it's possilbe and signature is null, the authnRequest will be treated as verified so we don't need to run the rest code? That is,
string issuerName = Issuer.GetIssuerName(authnRequestElement);
// Lookup the X.509 certificate for the SP - details not shown.
// Verify the HTTP-Redirect signature. Throws a SAMLSignatureException if verification fails.
HTTPRedirectBinding.VerifyRequestSignature(httpRequest, signatureAlgorithm, signature, x509Certificate.PublicKey.Key);