oidc-client-idtoken-sig-none should not be mandatory for certification
Microstrategy have raised a concern that support of unsigned id_tokens should not be mandatory for relying parties.
Spring security have chosen not to support these: https://github.com/spring-projects/spring-security/issues/9494
Looking at https://openid.net/specs/openid-connect-core-1_0.html#IDToken clients are not required to accept id_token and an unsigned id_token maybe only be returned to the client if the client explicitly requested one:
ID Tokens MUST NOT use none as the alg value unless the Response Type used returns no ID Token from the Authorization Endpoint (such as when using the Authorization Code Flow) and the Client explicitly requested the use of none at Registration time.
The conformance profiles ( https://openid.net/wordpress-content/uploads/2018/06/OpenID-Connect-Conformance-Profiles.pdf ) explicitly list rp-id_token-sig-none
as 'optional'.
The only reason the test is mandatory in the java suite is that it was listed as mandatory in the python suite.
A similar discussion happened for unsigned request objects in the OP tests, see #826 and the Connect WG minutes here: http://lists.openid.net/pipermail/openid-specs-ab/Week-of-Mon-20200810/007880.html