Of all the SAML documentation, the Technical Overview is the most valuable from a high-level perspective. The SAML protocol itself is rarely the attack vector of choice, but it is still worth keeping a cheatsheet of checks to make sure an implementation is robust.
The standard further says that a SAML message received over an authenticated SSL/TLS connection MAY be considered properly signed if the profile in use says so.
Looking at the Web SSO profile (in the SAML Profiles specification), it states that for artifact resolution "the dereferencing of the artifact using the Artifact Resolution profile MUST be mutually authenticated, integrity protected, and confidential."
Another risk is that if the assertion is not protected by a signature, it can be modified in transit across the internet without the service provider noticing.
As with any security control, you have to weigh how important authenticating users is to you against the consequences of someone circumventing it.
Following the SAML Profiles usage requirements for the AuthnRequest and Response messages will help counter this attack.
The AVANTSSAR team suggested the following data elements should be required:

Further vulnerabilities in SAML implementations were described in 2012 in "On Breaking SAML: Be Whoever You Want to Be".
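The two points above (an unsigned assertion can be altered in transit, and the response must carry data elements that bind it to the service provider and to the request it answers) come together in the service provider's validation step. The following is an added example, not code from the original page or from any SAML library: a standalone Python checker that refuses a Response unless a signature covers the assertion and unless Destination, InResponseTo, Issuer, Audience, bearer Recipient and the validity window all match the SP's own configuration. The SP configuration, URLs, IDs and the sample Response (with a placeholder signature value) are all constructed for illustration; the cryptographic verification of the signature itself is assumed to be done separately by an XML-DSig library before these binding checks run.

```python
# Added example: SAML 2.0 Response binding checks at the service provider.
# Assumes signature cryptography is verified elsewhere (XML-DSig library);
# this only checks that a signature is present and covers the assertion, and
# that the data elements tie the assertion to this SP and to our AuthnRequest.
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Hypothetical SP configuration (assumed values, not from any real deployment).
SP_CONFIG = {
    "acs_url": "https://sp.example.com/saml/acs",
    "entity_id": "https://sp.example.com/metadata",
    "idp_entity_id": "https://idp.example.com/metadata",
}


def _parse_time(s):
    """xsd:dateTime -> aware datetime (accepts the trailing 'Z' SAML uses)."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def _signature_covers(elem, ident):
    """True if elem has a child ds:Signature whose Reference URI is '#<ident>'."""
    for sig in elem.findall("ds:Signature", NS):
        for ref in sig.findall("ds:SignedInfo/ds:Reference", NS):
            if ident and ref.get("URI") == "#" + ident:
                return True
    return False


def check_response(xml_text, outstanding_request_ids, now, cfg=SP_CONFIG):
    """Return the reasons to reject the Response; an empty list means accept."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    # Destination: the message must have been addressed to our own ACS endpoint.
    if root.get("Destination") != cfg["acs_url"]:
        problems.append("Destination does not match our ACS URL")
    # InResponseTo: accept only answers to a request we actually issued.
    in_resp = root.get("InResponseTo")
    if not in_resp or in_resp not in outstanding_request_ids:
        problems.append("InResponseTo missing or unknown")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:
        problems.append("expected exactly one Assertion, found %d" % len(assertions))
        return problems
    a = assertions[0]
    # Issuer: only the IdP we hold metadata for.
    if a.findtext("saml:Issuer", default="", namespaces=NS) != cfg["idp_entity_id"]:
        problems.append("Assertion Issuer is not the trusted IdP")
    # A signature must cover the assertion (enveloped in it) or the whole Response.
    if not (_signature_covers(a, a.get("ID")) or _signature_covers(root, root.get("ID"))):
        problems.append("no signature covers the Assertion")
    # Audience: the assertion must be meant for this SP, not some other relying party.
    audiences = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if cfg["entity_id"] not in audiences:
        problems.append("AudienceRestriction does not name our entity ID")
    # Validity window on Conditions.
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        problems.append("Conditions missing")
    else:
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _parse_time(nb):
            problems.append("assertion not yet valid")
        if not noa or now >= _parse_time(noa):
            problems.append("assertion expired or has no NotOnOrAfter")
    # Bearer confirmation: Recipient and InResponseTo must also point at us and our request.
    scd = None
    for sc in a.findall("saml:Subject/saml:SubjectConfirmation", NS):
        if sc.get("Method") == BEARER:
            scd = sc.find("saml:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("no bearer SubjectConfirmationData")
    else:
        if scd.get("Recipient") != cfg["acs_url"]:
            problems.append("SubjectConfirmationData Recipient is not our ACS URL")
        if scd.get("InResponseTo") != in_resp:
            problems.append("SubjectConfirmationData InResponseTo differs from the Response")
        noa = scd.get("NotOnOrAfter")
        if not noa or now >= _parse_time(noa):
            problems.append("bearer confirmation expired or unbounded")
    return problems


# Constructed sample Response (placeholder signature value; not a real IdP message).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  ID="_resp1" InResponseTo="_req1" Destination="https://sp.example.com/saml/acs">
  <saml:Assertion ID="_a1">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>alice</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/saml/acs"
          InResponseTo="_req1" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.com/metadata</saml:Audience>
      </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
FIXED_NOW = datetime(2024, 5, 1, 12, 0, 30, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("good:", check_response(SAMPLE_RESPONSE, {"_req1"}, FIXED_NOW))
    retargeted = SAMPLE_RESPONSE.replace("https://sp.example.com/metadata", "https://other.example.net/metadata")
    print("wrong audience:", check_response(retargeted, {"_req1"}, FIXED_NOW))
```

The checker returns every failing condition rather than stopping at the first, which is what you want when triaging a rejected login; in production the outstanding request IDs should be consumed on use so a captured Response cannot be replayed.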
Individual endpoints are more commonly targeted, so in practice both how the SAML token is generated and how it is consumed matter.
If you are having trouble validating SAML responses, this tool will help you debug them.
The encrypted symmetric key can only be decrypted with the private half of the key pair whose public half was used to encrypt it.