simevo/spid-php2

set strict mode

Closed this issue · 2 comments

From the onelogin/php-saml documentation:

In production, the strict parameter MUST be set as "true"

and:

If 'strict' is True, then the PHP Toolkit will reject unsigned or unencrypted messages if it expects them to be signed or encrypted. Also it will reject the messages if the SAML standard is not strictly followed: Destination, NameId, Conditions ... are validated too.
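A pre-deployment check for the setting this issue asks for, as an added example that is not code from spid-php2 or onelogin/php-saml. The function name `audit_saml_settings` and both sample arrays are hypothetical; the `strict` and `security` `want*` keys follow the php-saml settings array layout.

```php
<?php
// Added example. audit_saml_settings() and both sample arrays are
// hypothetical; the keys follow the php-saml settings array layout.

function audit_saml_settings(array $settings): array
{
    $problems = [];

    // Require the boolean true. A string such as "false" is truthy in PHP,
    // so a loose truthiness check would accept a misconfigured value.
    $strict = ($settings['strict'] ?? null) === true;
    if (!$strict) {
        $problems[] = "'strict' must be boolean true, got "
            . var_export($settings['strict'] ?? null, true);
    }

    // Per the documentation quoted above, messages expected to be signed or
    // encrypted are rejected when strict is true. List the expectations
    // that are declared but would not be enforced.
    $wants = ['wantMessagesSigned', 'wantAssertionsSigned',
              'wantAssertionsEncrypted', 'wantNameIdEncrypted'];
    foreach ($wants as $key) {
        if (!$strict && !empty($settings['security'][$key])) {
            $problems[] = "security.$key is set but strict mode is off";
        }
    }
    return $problems;
}

// Constructed sample inputs.
$weak = [
    'strict'   => false,
    'security' => ['wantAssertionsSigned' => true, 'wantNameIdEncrypted' => true],
];
$hardened = ['strict' => true] + $weak;   // left-hand keys win in array union

foreach (['weak' => $weak, 'hardened' => $hardened] as $name => $cfg) {
    $problems = audit_saml_settings($cfg);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

Run it against the array returned by the deployment's own settings file and fail the build when the returned list is non-empty.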