NOTE
The signature was valid. The company was wrong
I signed a SAML login for one test workspace and arrived as an administrator in another. Every cryptographic check passed. The application had forgotten to ask which company trusted the key
Read the dispatch