At this moment, we tell Lasso that we want all requests signed, and throw a 500 (should be 400 bad request, but that's another issue) when an unsigned SAML request comes in.
The problem here is that there are some widely used SPs (like Google SSO) that offer no way of sending signed requests.
We should think about how to handle this for interoperability.
The error thrown is: lasso.ProviderMissingPublicKeyError(-1500)
Actually, Google does provide signed assertions and a certificate to check them with.
Unless someone can list one that will refuse to, we can close this ticket.
resolution: => invalid
status: new => closed