SAML assertion signature validation with Shibboleth SP

Cantor, Scott cantor.2 at
Tue Nov 22 14:17:15 UTC 2022

If you want to report a security issue, then the proper way to do that is via Jira or at security at

One obvious thing to say is that if you were delberately messing around with things and stumbled on the fact that you can insert a special Null security rule into the SP policy chain, that's going to bypass all the checks, but I don't even think we have that documented.

-- Scott

More information about the users mailing list