Yes, this is a bug that should be fixed.
Posted Date : 2008-08-06 18:40:46.0
This bug can cause applications that validate XML Signatures to fail.
It has been reported when validating signed SAML assertions, which is
a web services security feature supported by our products such as
This is a pretty serious bug without an obvious workaround. It is an easy, low risk fix and it has already been fixed in the Apache XMLSec code.
Posted Date : 2008-08-11 17:46:16.0