It appears that if Hue receives an unsigned assertion then it will continue to process it as valid. This means it is possible for an end-user to forge or remove the signature and manipulate a SAML assertion to gain access without a successful authentication.
It appears that if Hue receives an unsigned assertion then it will continue to process it as valid. This means it is possible for an end-user to forge or remove the signature and manipulate a SAML assertion to gain access without a successful authentication.