@jtalir got a response from NAKIT about why our encrypted SAML responses are not accepted: 'saml2' is an undeclared prefix. Line 1, position 2.
We should check whether xmlsec adds XML namespaces declarations inherited from parent elements. If it doesn't, the decrypted <samp2:Assertion> cannot act as an independent XML document. (It doesn't matter in our decryption method where the decrypted <samp2:Assertion> is a part of the XML document with all namespaces declared.)
@jtalir got a response from NAKIT about why our encrypted SAML responses are not accepted:
'saml2' is an undeclared prefix. Line 1, position 2.
We should check whether xmlsec adds XML namespaces declarations inherited from parent elements. If it doesn't, the decrypted
<samp2:Assertion>
cannot act as an independent XML document. (It doesn't matter in our decryption method where the decrypted<samp2:Assertion>
is a part of the XML document with all namespaces declared.)