OpenAM Relation between sign the SAML Response & Assertion

we marked "Assertions Signed" in OpenAM configuration,

and if the SAML response coming from IDP is signed and the SAML assertion is not signed, will OpenAM consider this SAML response as a valid SAMLResponse?

note : openam version 13.0.0

Solution

Ever since OPENAM-7055 has been implemented, AM will consider a signed SAML response as if the assertion itself was signed. The JIRA issue has fix version set to 13.0.0, so this behaviour should be already correct in that version.

Configuring SAML2: Bypassing 'InResponseTo' Validation While Retaining Default Settings in OpenSaml4AuthenticationProvider
Microsoft Azure: How to get the Auth Token after SAML authentication on a enterprise application
SAML configuration broke after upgrade from 7.55.8 to 7.98.8
How am I supposed to handle an expiring SAML certificate as an SP?
Why is Keycloak resulting in "Cookie not found" error after IDP initiated login?
Configure Keycloak to Encrypt SAML Assertions with AES-128-GCM Instead of AES-128-CBC
Transforming LDAP group memberships to SAML Attributes in Keycloak
Assistance with Extending SAML AuthnRequest for AppSwitch Property
How to set up AWS Client VPN with Keycloak as IdP
Response doesn't have any valid assertion which would pass subject validation
Validate signed assertion embedded in SAMLResponse
CORS issue using Angular application calling a .NET Core API using Sustainsys.Saml2 library and Azure Active Directory as Identity Provicer
Logging into SAML/Shibboleth authenticated server using python
SimpleSAML\Error\Exception: Could not find the metadata of an IdP with entity ID
Security concerns with providing SAML metadata on public URL
How to get a SAML token from ADFS sever to pull data from dynamics CRM on-premises (non-sdk) in c#?
How to add ForceAuthn flag on AWS cognito
Python Requests - SAML Login Redirect
How to get SAML token using C#/ASP.NET
Simple way to put AWS Lambda app behind SAML authentication
Why wouldn't the IdP initiate contact with the SP in a SAML 2.0 SSO integration?
How to solve the xmlsec Error: (100, 'lxml & xmlsec libxml2 library version mismatch')
Mendix and Azure Ad B2C AuthRequest does not have assertion consumer service URL
Authenticate requests session with login.microsoftonline.com
Python SSO: pysaml2 and python3-saml
How to create public and private key with OpenSSL?
How to change NameID in SimpleSAMLphp
Add SHA1 to signxml python
What causes a Responder status in a SAML response
How to validate a SAML token from ADFS 3.0 in an ASP.NET Core Web API