SnippetIn case anyone else landed on this post, it was a configuration setting on our end. We assumed that the WantAssertionOrResponseSigned would handle verifying the Assertion signature, however that wasn't the case. Adding WantSAMLResponseSigned and WantAssertionSigned options solved the problem.
|