The way XML digital signatures work is so weird. This routinely comes up year-after-year. When I was working at Okta this also resulted in a number of annoying breaches, including this one: <a href="https://developer.okta.com/blog/2018/02/27/a-breakdown-of-the-new-saml-authentication-bypass-vulnerability" rel="nofollow">https://developer.okta.com/blog/2018/02/27/a-breakdown-of-th...</a>