Hi, Noticed $subject happening when we configure SAML SSO with SAML Request Validation enabled.
This means that even for an invalid SAML Request (with an invalid signature) the user will go through the authentication steps configured for that Service Provider(identified by the issuer value in the request) and the SAML Request validation only happens after we get the response from the authentication framework. Is this the expected behaviour? Thanks, Farasath Ahamed Software Engineer, WSO2 Inc.; http://wso2.com Mobile: +94777603866 Blog: blog.farazath.com Twitter: @farazath619 <https://twitter.com/farazath619> <http://wso2.com/signature>
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev