- Implementation of RSA v1.5 is not recommended due to security risks associated with the algorithm.
- Implementations must implement RSA-OAEP for the transport of all key types and sizes that are mandatory to implement for symmetric encryption.
AM must support RSA-OAEP as well.
SAML core spec points to the out-of-date https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/ which also points rsa-oaep as required:
This also links to