SAML assertion signature validation with Shibboleth SP
cantor.2 at osu.edu
Tue Nov 22 14:17:15 UTC 2022
If you want to report a security issue, then the proper way to do that is via Jira or at security at shibboleth.net.
One obvious thing to say is that if you were deliberately messing around with things and stumbled on the fact that you can insert a special Null security rule into the SP policy chain, that's going to bypass all the checks, but I don't even think we have that documented.