ASVS Requirement 6.8.2

• Level: 2
• Chapter: V6 Authentication
• Section: V6.8 Authentication with an Identity Provider
• Source: 0x15-V6-Authentication.md

Description

Verify that the presence and integrity of digital signatures on authentication assertions (for example on JWTs or SAML assertions) are always validated, rejecting any assertions that are unsigned or have invalid signatures.