Comment by hsbauauvhabzb
Comment by hsbauauvhabzb a day ago
Why do you say that? I think it’s ugly, but it’s substantially simpler to understand than oidc. What parts of the spec (read: not just shitty implementations by developers) are bad?
I’m genuinely curious here, I’m not attempting to bait an argument.
Two things
Saml itself is sort of a kitchen sink. It includes everything you could possibly ever want, but nobody implements all of it so you need to figure out common subset, which defeats the point of a standard.
Second, XMLSignature sucks... like badly. Only part of the response is signed, but which part there is no standard on. It is way too complicated. Why have multiple overlapping signatures is crazy. Comments arent signed but change meaning of document. A billion signature types. Etc.