I ask because a service provider is unable to validate the outer signature for some reason. What is the signature outside assertion used for and how can I disable the use of it?
Below is the response from my Identity provider.
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
ID="_62f19ea3a8857b9ad77a6d5ac960322798a74d618f"
Version="2.0"
IssueInstant="2013-06-17T11:56:45Z"
Destination="https://icsamlsdp.cc.ic.ac.uk/simplesaml/module.php/saml/sp/metadata.php/icsamltest"
>
<saml:Issuer>https://icsamltest2.cc.ic.ac.uk/simplesaml/saml2/idp/metadata.php</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_62f19ea3a8857b9ad77a6d5ac960322798a74d618f">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>i5V6glduk2J7dNqJl5uf9DdELAU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>PpreJrEMIak7PbMLWsgA1wnoFA6Y91J/ZVWjOz2CHq0JFHQSKU0jQ6Xrccb+y/u+aCx/1ttsRuUxfEhixbhnZLXYcf5c/Dyeo8BQbG8Qfebyn0Xxjubyw6203LcUMRNX8ZPkPyTlqScNO1YemPuuqBzwKf/AG2+iAZR4YlOi0JZ2/RzR+gv+cBecSnCT+8/8ZyA+zESIs2wtZ6p9krmxGsfuFy+uCi2nbH7g2zNcLR8HFlEHXCRvLNIMV/xPeC9A285ZRo65w9bC6XuNwLzovzL/SPgzDix6wtjY953jmm3aF9wNZyQZter870Qd7Tt6dwLhqDrX6EmeK1AIVnCzJw==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIELzCCAxegAwIBAgIJAI1y/4grPMgOMA0GCSqGSIb3DQEBBQUAMIGtMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDEPMA0GA1UEBwwGTG9uZG9uMSAwHgYDVQQKDBdJbXBlcmlhbCBDb2xsZWdlIExvbmRvbjEMMAoGA1UECwwDSUNUMRswGQYDVQQDDBJpY3NhbWwuY2MuaWMuYWMudWsxLjAsBgkqhkiG9w0BCQEWH2ljdC11bml4YWRtaW4tZGxAaW1wZXJpYWwuYWMudWswHhcNMTIwMzMwMDg1MTU0WhcNMjIwMzMwMDg1MTU0WjCBrTELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxDzANBgNVBAcMBkxvbmRvbjEgMB4GA1UECgwXSW1wZXJpYWwgQ29sbGVnZSBMb25kb24xDDAKBgNVBAsMA0lDVDEbMBkGA1UEAwwSaWNzYW1sLmNjLmljLmFjLnVrMS4wLAYJKoZIhvcNAQkBFh9pY3QtdW5peGFkbWluLWRsQGltcGVyaWFsLmFjLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aEVK9wP/uxWfArCz2K7MjWvKUzdhY12VDTHxQQtobu6KD6ZH3IeSMyOkyFAzDIRDJQ6SVzAo5jqKd+LgsuOv8ZtF2zm1A00Kgh3wrjJSRGpTHW25BChD8jtMa5/c7zMqpXnz3CsfvH0xuUOAKsZf6KyvLNmS0OUl9zJD4Xg1el/qsmlNf3xcqc0koLEgqJKZf/GyX+097DK98t0iX8jwb1aEwlPczC3RSrl+94kHjyKR42q97sxt6GS3aRFbL0B6VNyKkpIDnvOnvJK6Lhv6di9P+hkOuI2pwDGik+monk+c0L4+DdpuD/sFLby/F6seuZh0mc80ytjTlwvyVo56QIDAQABo1AwTjAdBgNVHQ4EFgQUQpdyh9B0jnEmUIjCLS8JQ1fbCdQwHwYDVR0jBBgwFoAUQpdyh9B0jnEmUIjCLS8JQ1fbCdQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEASspjPd+YJfICLuHMxlSOdFyN/LHXa4D3gMaGdZj0kjAgb9fC8ufx8PrfWr73imgN48uv4Noc82VNrsQKxmFTW45NWww7BxxGM0pl1EXhyVe9QVHHbpMNCksWhneJOfOV5NJ6qq4NH1JrYH/nKQb5D623MCTSWNlnTF1TTpHkr3KkocwoNAMwiB64TKmv9d09+jHDCPr8C/gGZKPTT/bE3w4Ub9++RFohxVyqhSL1LnbDp4UHQneQ7Ut4bex9TMDn43rqGL+HdE6PrHMi/+ne2a+oSEpIRaguzA+0bFdt93rwLTznwnUAzdOggYFFk/Lmu9ePGL/Ow5HFMgNMZ9vATA==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
ID="_3f4afa786494b76ab780a937a4c9cdd0b7cc0e9c72"
Version="2.0"
IssueInstant="2013-06-17T11:56:45Z"
>
<saml:Issuer>https://icsamltest2.cc.ic.ac.uk/simplesaml/saml2/idp/metadata.php</saml:Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_3f4afa786494b76ab780a937a4c9cdd0b7cc0e9c72">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>OIQ+pxy6fpz5yZNR5QSu98+V4mM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>SmELBvOW02pMFXZgZzzSER0wyYNeiSYz+jBolxVH8bYtj72XO0J/+J4ihLt49uIxIhNQA89LgIVp7Vja3eKSqNg0Q277CZgcPA7q2zsxPl/J74m15wo0ehrzvgFgYDMTK75nIMACn9grGu8B5bXkU6hdWauXtsMSI7kj3UlSnZN9inbTL83N0l+9/n3kNKZdy/RKjKZUMcCKokYj8UP9XqvYY0LnB5vNvxFOMgfUD7jypj1XnHYLNdVkZ831bgYszSEjnnl0FPSfwzwdNuWI4L96gCXkKYXCesBvdcMoTmvY7xCkRMm221K648C4Jn4suG8athYfcH4DxzOE1RSU+w==</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>MIIELzCCAxegAwIBAgIJAI1y/4grPMgOMA0GCSqGSIb3DQEBBQUAMIGtMQswCQYDVQQGEwJHQjEQMA4GA1UECAwHRW5nbGFuZDEPMA0GA1UEBwwGTG9uZG9uMSAwHgYDVQQKDBdJbXBlcmlhbCBDb2xsZWdlIExvbmRvbjEMMAoGA1UECwwDSUNUMRswGQYDVQQDDBJpY3NhbWwuY2MuaWMuYWMudWsxLjAsBgkqhkiG9w0BCQEWH2ljdC11bml4YWRtaW4tZGxAaW1wZXJpYWwuYWMudWswHhcNMTIwMzMwMDg1MTU0WhcNMjIwMzMwMDg1MTU0WjCBrTELMAkGA1UEBhMCR0IxEDAOBgNVBAgMB0VuZ2xhbmQxDzANBgNVBAcMBkxvbmRvbjEgMB4GA1UECgwXSW1wZXJpYWwgQ29sbGVnZSBMb25kb24xDDAKBgNVBAsMA0lDVDEbMBkGA1UEAwwSaWNzYW1sLmNjLmljLmFjLnVrMS4wLAYJKoZIhvcNAQkBFh9pY3QtdW5peGFkbWluLWRsQGltcGVyaWFsLmFjLnVrMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1aEVK9wP/uxWfArCz2K7MjWvKUzdhY12VDTHxQQtobu6KD6ZH3IeSMyOkyFAzDIRDJQ6SVzAo5jqKd+LgsuOv8ZtF2zm1A00Kgh3wrjJSRGpTHW25BChD8jtMa5/c7zMqpXnz3CsfvH0xuUOAKsZf6KyvLNmS0OUl9zJD4Xg1el/qsmlNf3xcqc0koLEgqJKZf/GyX+097DK98t0iX8jwb1aEwlPczC3RSrl+94kHjyKR42q97sxt6GS3aRFbL0B6VNyKkpIDnvOnvJK6Lhv6di9P+hkOuI2pwDGik+monk+c0L4+DdpuD/sFLby/F6seuZh0mc80ytjTlwvyVo56QIDAQABo1AwTjAdBgNVHQ4EFgQUQpdyh9B0jnEmUIjCLS8JQ1fbCdQwHwYDVR0jBBgwFoAUQpdyh9B0jnEmUIjCLS8JQ1fbCdQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEASspjPd+YJfICLuHMxlSOdFyN/LHXa4D3gMaGdZj0kjAgb9fC8ufx8PrfWr73imgN48uv4Noc82VNrsQKxmFTW45NWww7BxxGM0pl1EXhyVe9QVHHbpMNCksWhneJOfOV5NJ6qq4NH1JrYH/nKQb5D623MCTSWNlnTF1TTpHkr3KkocwoNAMwiB64TKmv9d09+jHDCPr8C/gGZKPTT/bE3w4Ub9++RFohxVyqhSL1LnbDp4UHQneQ7Ut4bex9TMDn43rqGL+HdE6PrHMi/+ne2a+oSEpIRaguzA+0bFdt93rwLTznwnUAzdOggYFFk/Lmu9ePGL/Ow5HFMgNMZ9vATA==</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
<saml:Subject>
<saml:NameID SPNameQualifier="https://icsamlsdp.cc.ic.ac.uk/simplesaml/module.php/saml/sp/metadata.php/icsamltest2"
Format="urn:oasis:names:tc:SAML:2.0:nameid-format:uri"
>ab8b9ac11a0618d77bfbf2c3a420db50deffc46f</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2013-06-17T12:01:45Z"
Recipient="https://icsamlsdp.cc.ic.ac.uk/simplesaml/module.php/saml/sp/metadata.php/icsamltest"
/>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2013-06-17T11:56:15Z"
NotOnOrAfter="2013-06-17T12:01:45Z"
>
<saml:AudienceRestriction>
<saml:Audience>https://icsamlsdp.cc.ic.ac.uk/simplesaml/module.php/saml/sp/metadata.php/icsamltest2</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2013-06-17T11:56:35Z"
SessionNotOnOrAfter="2013-06-17T19:56:45Z"
SessionIndex="_b3ce12c4752d7f9a52492305a1b4d6ee245d892801"
>
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
</saml:Assertion>
</samlp:Response>