we marked "Assertions Signed" in OpenAM configuration,
and if the SAML response coming from IDP is signed and the SAML assertion is not signed, will OpenAM consider this SAML response as a valid SAMLResponse?
note : openam version 13.0.0
Ever since OPENAM-7055 has been implemented, AM will consider a signed SAML response as if the assertion itself was signed. The JIRA issue has fix version set to 13.0.0, so this behaviour should be already correct in that version.