After getting SAML responses from Okta, in order to prevent the SAML responses from being tampered with, is it necessary to verify them in the application? For example, whether the certificate has expired, the verification of the assertion, and so on.
Hi @zhaoqs
Yes, it’s required to verify SAML responses in order to prevent assertion tampering and the creation of invalid sessions, or sessions with, for example, super administrator access, by malicious actors.
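As an added illustration, not code from this thread or from Okta, here are the structural and validity checks a service provider should apply to each response after an XML-DSig library has verified the assertion signature against the IdP certificate. The sample response and the issuer, ACS URL, audience and request ID values are constructed for the example.

```python
import datetime as dt
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Constructed sample response; the issuer, ACS URL and audience values are hypothetical.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://sp.example.com/acs" InResponseTo="_req1">
 <saml:Assertion ID="_a1"><saml:Issuer>https://idp.example.com</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#_a1"/></ds:SignedInfo></ds:Signature>
  <saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"
   InResponseTo="_req1" NotOnOrAfter="2030-01-01T00:00:00Z"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2020-01-01T00:00:00Z" NotOnOrAfter="2030-01-01T00:00:00Z">
   <saml:AudienceRestriction><saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion></samlp:Response>"""

def _ts(value):
    return dt.datetime.fromisoformat(value.replace("Z", "+00:00"))  # SAML timestamps are UTC

def validate_response(xml_text, expected_issuer, acs_url, audience, request_id, now):
    """Return the list of failed checks; an empty list means the assertion passed them all."""
    now, errors = _ts(now), []
    root = ET.fromstring(xml_text)
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # one assertion only, so the signed one cannot be confused with another
        return [f"expected exactly one Assertion, found {len(assertions)}"]
    a = assertions[0]
    for attr, want in (("Destination", acs_url), ("InResponseTo", request_id)):
        if root.get(attr) != want:
            errors.append(f"Response {attr} does not match our ACS URL / outstanding AuthnRequest")
    if a.findtext("saml:Issuer", namespaces=NS) != expected_issuer:
        errors.append("unexpected Issuer")
    # Signature must exist and reference this assertion's own ID; the cryptographic check is the DSig library's job.
    ref = a.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + a.get("ID", ""):
        errors.append("assertion is unsigned or the signature covers a different element")
    cond = a.find("saml:Conditions", NS)
    nb, noa = (cond.get("NotBefore"), cond.get("NotOnOrAfter")) if cond is not None else (None, None)
    if nb is not None and now < _ts(nb):
        errors.append("assertion not yet valid")
    if noa is None or now >= _ts(noa):
        errors.append("assertion expired or has no NotOnOrAfter")
    if cond is None or audience not in [e.text for e in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        errors.append("we are not in the Audience")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if (scd is None or scd.get("Recipient") != acs_url or scd.get("InResponseTo") != request_id
            or scd.get("NotOnOrAfter") is None or now >= _ts(scd.get("NotOnOrAfter"))):
        errors.append("SubjectConfirmationData does not bind a still-valid assertion to our ACS and request")
    return errors
```

Certificate expiry and the signature bytes themselves are checked by the XML-DSig library that verifies the document; the checks above cover what that library does not.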