- policy.setSecure(false);
-
- // Run the policy over the assertion. Handles issuer consistency, replay, freshness,
- // and signature verification, assuming the relevant rules are configured.
- policy.evaluate(*(*a));
-
+ policy.setAuthenticated(false);
+ policy.reset(true);
+
+ // Extract message bits and re-verify Issuer information.
+ extractMessageDetails(*(*a), samlconstants::SAML20P_NS, policy);
+
+ // Run the policy over the assertion. Handles replay, freshness, and
+ // signature verification, assuming the relevant rules are configured,
+ // along with condition and profile enforcement.
+ policy.evaluate(*(*a), &httpRequest);
+