Note: SAML 1.1 will be deprecated soon. If you are working on a new integration, we strongly recommend that you use OIDC instead. |
The SAML response is a signed XML (xml-dsig) and the signature must be verified in order to ensure the correctness of the assertion.
Signicat provides libraries that will help you verifying the SAML using Java or C#.