In addition to reasons shared by other commenters, my main concern is XML Signature Wrapping.
XMLDSig APIs are not well designed. They check whether signatures in a document are valid, but signatures are not required to cover the entire document. XMLDSig APIs do not make it easy to confirm that signatures cover a specific element of interest, like saml:Subject.
An adversary can stuff a valid assertion within a forged one, and many popular SAML implementations would accept the forged assertion. This is mostly fixed now, but it's still one of those things that I must validate for myself in all new SAML service providers that I can influence.
XMLDSig APIs are not well designed. They check whether signatures in a document are valid, but signatures are not required to cover the entire document. XMLDSig APIs do not make it easy to confirm that signatures cover a specific element of interest, like saml:Subject.
An adversary can stuff a valid assertion within a forged one, and many popular SAML implementations would accept the forged assertion. This is mostly fixed now, but it's still one of those things that I must validate for myself in all new SAML service providers that I can influence.
https://www.usenix.org/system/files/conference/usenixsecurit...
https://arxiv.org/pdf/2106.10460