Hello,
I
have a question regarding the SAML Authentication Request. When an IDP
receives a SAML authentiocation request, how can they validate the
sender of the request? The issuer name, provider name,
AssertionConsumerServiceURL and the signature are all optional. If none
of these are in the request, how can the sender of the request be
validated?
Thanks
-Mitu