* JC <
jcda...@gmail.com> [2017-01-04 22:14]:
> I know that according to the SAML 2.0 core specification it's explicitly
> disallowed to have an empty reference URI.
> But I want to know the behaviour of my SP when getting a SAML Response with
> an empty string as Reference URI.
Seems you want something other than a working (and conformant) SAML
IDP implementation. I.e., not SimpleSAMLphp itself.
Probably not even SimpleSAMLphp's split off SAML2 library
https://github.com/simplesamlphp/saml2 as I doubt that's built to
allow generating invalid protocol messages either.
-peter