If you try to generate a "correct" Response but you don't check any SPID attribute to be returned to the SP (for instance because the original SP request did not specify any AttributeConsumingServiceIndex), the generated Response is invalid, violating the SAML 2.0 schema, because an empty <saml:AttributeStatement> element is included.
If no attribute are to be returned, no <saml:AttributeStatement> element should be included in the Response.
If you try to generate a "correct"
Response
but you don't check any SPID attribute to be returned to the SP (for instance because the original SP request did not specify anyAttributeConsumingServiceIndex
), the generatedResponse
is invalid, violating the SAML 2.0 schema, because an empty<saml:AttributeStatement>
element is included.If no attribute are to be returned, no
<saml:AttributeStatement>
element should be included in theResponse
.