1 files changed, 10 insertions, 2 deletions

diff --git a/modules/saml/docs/sp.txt b/modules/saml/docs/sp.txt
index 45c1e60..063be47 100644
--- a/modules/saml/docs/sp.txt
+++ b/modules/saml/docs/sp.txt
@@ -270,11 +270,13 @@ Options
 
 `redirect.sign`
 :   Whether authentication requests, logout requests and logout responses sent from this SP should be signed. The default is `FALSE`.
+    If set, the `AuthnRequestsSigned` attribute of the `SPSSODescriptor` element in SAML 2.0 metadata will contain its value. This
+    option takes precedence over the `sign.authnrequest` option in any metadata generated for this SP.
 
 :   *Note*: SAML 2 specific.
 
 `redirect.validate`
-:   Whether logout requests and logout responses received received by this SP should be validated. The default is `FALSE`.
+:   Whether logout requests and logout responses received by this SP should be validated. The default is `FALSE`.
 
 :   *Note*: SAML 2 specific.
 
@@ -312,7 +314,8 @@ Options
     See the documentation for the [Holder-of-Key profile](./simplesamlphp-hok-sp).
 
 `sign.authnrequest`
-:   Whether to sign authentication requests sent from this SP.
+:   Whether to sign authentication requests sent from this SP. If set, the `AuthnRequestsSigned` attribute of the
+    `SPSSODescriptor` element in SAML 2.0 metadata will contain its value.
 
 :   Note that this option also exists in the IdP-remote metadata, and
     any value in the IdP-remote metadata overrides the one configured
@@ -366,6 +369,11 @@ Options
 
 :   *Note*: SAML 2 specific.
 
+`WantAssertionsSigned`
+:   Whether assertions received by this SP must be signed. The default value is `FALSE`.
+    The value set for this option will be used to set the `WantAssertionsSigned` attribute of the `SPSSODescriptor` element in
+    the exported SAML 2.0 metadata.
+
 
 Examples
 --------