The SAML filter currently only supports HTTP POST Binding, but there appears to be consumers sending in raw XML requests (i.e. unwrapped HTTP POST Binding requests) to Identity that we should continue to support until the consumers can get updated.
We're going to get rid of the check that requires the request to be form encoded. The filter will accept form encoded XML and XML (application/xml). We don't have to force XML requests to go through Flow 1 (i.e. if the issuer of an XML request is not in the list of legacy issuers, go through the Flow 2 logic).
- The filter processes an application/xml request the same way it would if the request was a form encoded XML request.