This repository was archived by the owner on Aug 3, 2021. It is now read-only.
Response Signated Signed-ness can flip when xml is read #112
Description
The value of samlResponse.isSigned() before this line is true
After this line it is false.
This may be because I am logging at the DEBUG level.
I just ran into this while setting up a Google G-Suite Apps SAML IdP.
The fix is to verify the response signature before assertion xml is converted to an object. I'm not certain why this occurs, but it is consistent in my current environment and this tiny tweak fixes it.