github.com/crewjam/saml is vulnerable to authentication bypass. The vulnerability exists in multiple functions of service_provider.go
when processing SAML responses containing multiple assertion elements which allows an attacker to bypass the signature.