I need to conduct the SAML Bearer Assertion Flow from OAuth 2 manually via Postman to prove that it works with our backend. Therefore, I created my own SAML assertion file using [1] as reference (scroll down a bit to see the sample SAML assertion).
I wonder why the digital signature (value of XML element ds:SignatureValue) is part of the file that contains the SAML assertion. Of course I cannot include the signature inside the thing that is being signed. So I wonder what/which part of the assertion is being signed.
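
An added example, not part of the original post and not taken from [1]: in an XML Signature with the enveloped-signature transform, ds:DigestValue covers the assertion with its ds:Signature child removed, and ds:SignatureValue covers only the canonical ds:SignedInfo. The sample assertion, the function names, the SHA-256 digest and the use of ElementTree's C14N 2.0 in place of exclusive C14N are assumptions made for illustration.

```python
import base64, copy, hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("ds", DS)
ET.register_namespace("saml", SAML)

# Constructed, trimmed sample (not the assertion from [1]); values are placeholders.
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <ds:Signature xmlns:ds="{DS}">
    <ds:SignedInfo>
      <ds:Reference URI="#_a1">
        <ds:Transforms>
          <ds:Transform Algorithm="{DS}enveloped-signature"/>
        </ds:Transforms>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <saml:Subject><saml:NameID>alice@example.test</saml:NameID></saml:Subject>
</saml:Assertion>"""

def c14n(elem):
    # Stand-in canonicalizer: ElementTree implements C14N 2.0, while SAML
    # signatures normally name exclusive C14N 1.0 in the Transforms list.
    elem = copy.copy(elem)
    elem.tail = None  # whitespace after the element is not part of it
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def digest_input(assertion_xml):
    """Bytes hashed into ds:DigestValue: the assertion minus ds:Signature."""
    root = ET.fromstring(assertion_xml)
    sig = root.find(f"{{{DS}}}Signature")
    i = list(root).index(sig)
    # Keep the whitespace that followed the signature, as the transform does.
    if i:
        root[i - 1].tail = (root[i - 1].tail or "") + (sig.tail or "")
    else:
        root.text = (root.text or "") + (sig.tail or "")
    root.remove(sig)
    return c14n(root)

def signature_input(assertion_xml):
    """Bytes the key signs to produce ds:SignatureValue: ds:SignedInfo only."""
    root = ET.fromstring(assertion_xml)
    return c14n(root.find(f"{{{DS}}}Signature/{{{DS}}}SignedInfo"))

def digest_value(assertion_xml):
    # SHA-256 assumed here; a real assertion names the hash in ds:DigestMethod.
    return base64.b64encode(hashlib.sha256(digest_input(assertion_xml)).digest()).decode()
```

Because the digest sits inside ds:SignedInfo and the signature is computed over ds:SignedInfo, the signature binds the assertion content without ever covering its own value.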