OPENAM-476, AM attempts to validate signatures in AuthnRequests regardless of what is specified in the configuration. If the corresponding key does not exist in the metadata and keystore, SSO fails, forcing customers to import the keys regardless of their AM config, and exposing them to SSO failures whenever the certificates change.
- Install vanilla 6.5.3 or 7.0
- Create and Install a Java Fedlet
- Do not configure signing & encryption (it's disabled by default)
- Send a signed AuthnRequest from the remote SP
Enable signing validation
Commit 32d3cb832901adb40c5affad02df7c3a9626076d for OPENAM-476 seems to be the culprit.
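The following added example (not AM code and not part of the original report) is a pre-flight check for the situation described above: it reads the IDP and SP metadata plus a sample AuthnRequest and reports whether a deployment would hit the failure. It assumes the "signing" configuration corresponds to the standard SAML metadata attributes `WantAuthnRequestsSigned` and `AuthnRequestsSigned`, that the request uses the HTTP-POST binding (signature embedded in the XML), and it inspects metadata only, not the keystore; the function names and result labels are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"

def _true(elem, attr):
    """Metadata flags are xs:boolean ('true' or '1'); an absent flag means false."""
    return elem is not None and elem.get(attr, "false").strip() in ("true", "1")

def has_signing_cert(sp_desc):
    """A KeyDescriptor with use='signing', or with no 'use' at all, can verify signatures."""
    if sp_desc is None:
        return False
    return any(kd.get("use", "signing") == "signing"
               and kd.find(f".//{DS}X509Certificate") is not None
               for kd in sp_desc.findall(MD + "KeyDescriptor"))

def assess(idp_metadata, sp_metadata, authn_request):
    # Inputs are operator-held files; use a hardened parser for XML from untrusted peers.
    idp = ET.fromstring(idp_metadata).find(f".//{MD}IDPSSODescriptor")
    sp = ET.fromstring(sp_metadata).find(f".//{MD}SPSSODescriptor")
    # POST binding only: the signature is a direct child of the request element.
    signed = ET.fromstring(authn_request).find(DS + "Signature") is not None
    required = _true(idp, "WantAuthnRequestsSigned") or _true(sp, "AuthnRequestsSigned")
    key = has_signing_cert(sp)
    if required:
        if not signed:
            return "reject-unsigned"
        return "verify" if key else "misconfigured-no-key"
    if signed and not key:
        return "exposed-sso-fails"        # the case in the reproduction steps
    if signed:
        return "exposed-on-cert-change"   # works until the SP certificate changes
    return "not-exposed"

# Constructed sample documents (not taken from a real deployment).
NS = 'xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
IDP = f'<md:EntityDescriptor {NS} entityID="idp.example"><md:IDPSSODescriptor WantAuthnRequestsSigned="false"/></md:EntityDescriptor>'
def _sp(inner=""):
    return f'<md:EntityDescriptor {NS} entityID="sp.example"><md:SPSSODescriptor>{inner}</md:SPSSODescriptor></md:EntityDescriptor>'
SP_NO_KEY = _sp()
SP_KEY = _sp('<md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CONSTRUCTED</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>')
REQ_SIGNED = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1"><ds:Signature/></samlp:AuthnRequest>'
REQ_UNSIGNED = REQ_SIGNED.replace("<ds:Signature/>", "")

if __name__ == "__main__":
    print(assess(IDP, SP_NO_KEY, REQ_SIGNED))
```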