A not-encrypted assertion over https makes sense, but not signed?!?!? | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		zwily on April 30, 2018 \| parent \| context \| favorite \| on: Why your SaaS application should support SAML A not-encrypted assertion over https makes sense, but not signed?!?!?

tonyarkles on April 30, 2018 [–]

> but not signed

That's right... Key management is hard lets go ride bikes.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact