+ // Skip unsigned assertion?
+ if (!decrypted->getSignature() && requireSignedAssertions.first && requireSignedAssertions.second)
+ throw SecurityPolicyException("The incoming assertion was unsigned, violating local security policy.");
+
+ // Run the schema validators against the assertion, since it was hidden by encryption.
+ SchemaValidators.validate(decrypted.get());
+