SAML assertion signature validation with Shibboleth SP

[Cantor, Scott]

If you want to report a security issue, then the proper way to do that is via Jira or at security at shibboleth.net

One obvious thing to say is that if you were delberately messing around with things and stumbled on the fact that you can insert a special Null security rule into the SP policy chain, that's going to bypass all the checks, but I don't even think we have that documented.

-- Scott