italia / spid-saml-check

SPID SAML implementation verification tool
European Union Public License 1.2

Invalid response generated if no attribute is requested #139

Closed mauromol closed 3 years ago

mauromol commented 3 years ago

If you try to generate a "correct" Response but you don't check any SPID attribute to be returned to the SP (for instance because the original SP request did not specify any AttributeConsumingServiceIndex), the generated Response is invalid, violating the SAML 2.0 schema, because an empty <saml:AttributeStatement> element is included.

If no attributes are to be returned, no <saml:AttributeStatement> element should be included in the Response.

damikael commented 3 years ago

The fix is here: https://github.com/italia/spid-saml-check/commit/9b29f2bc4c4d7959b6c0cbb8d492d5ca3d609796
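A check for the condition reported in this issue, added here as an example and not taken from spid-saml-check or from the linked commit: it flags any assertion whose <saml:AttributeStatement> has no <saml:Attribute> or <saml:EncryptedAttribute> child, which the SAML 2.0 assertion schema does not allow. The function name, the trimmed sample responses and the attribute value are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
ALLOWED_CHILDREN = (f"{{{SAML_NS}}}Attribute", f"{{{SAML_NS}}}EncryptedAttribute")


def empty_attribute_statements(response_xml: str) -> list:
    """Return the ID of every Assertion that carries an AttributeStatement
    with no Attribute/EncryptedAttribute child (SAML 2.0 schema violation)."""
    # SAML messages never need a DTD; refuse it before handing text to the parser.
    if "<!DOCTYPE" in response_xml:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(response_xml)
    offenders = []
    for assertion in root.iter(f"{{{SAML_NS}}}Assertion"):
        for stmt in assertion.findall(f"{{{SAML_NS}}}AttributeStatement"):
            if not any(child.tag in ALLOWED_CHILDREN for child in stmt):
                offenders.append(assertion.get("ID", "<no ID>"))
    return offenders


# Constructed, trimmed responses (not schema-complete, unsigned): only the
# parts relevant to the AttributeStatement check are present.
_TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">
  <saml:Assertion ID="{aid}" Version="2.0">
    <saml:AuthnStatement AuthnInstant="2021-01-01T00:00:00Z"/>
    {stmt}
  </saml:Assertion>
</samlp:Response>"""

# The case from the issue: no attribute selected, empty element still emitted.
EMPTY = _TEMPLATE.format(aid="_a1", stmt="<saml:AttributeStatement/>")
# The expected behaviour: no attribute selected, element omitted entirely.
OMITTED = _TEMPLATE.format(aid="_a2", stmt="")
# A statement with one attribute (value is a constructed placeholder).
FILLED = _TEMPLATE.format(
    aid="_a3",
    stmt='<saml:AttributeStatement><saml:Attribute Name="spidCode">'
         "<saml:AttributeValue>EXAMPLE-VALUE</saml:AttributeValue>"
         "</saml:Attribute></saml:AttributeStatement>",
)

if __name__ == "__main__":
    for name, doc in (("EMPTY", EMPTY), ("OMITTED", OMITTED), ("FILLED", FILLED)):
        print(name, empty_attribute_statements(doc))
```
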