Is there any guidance on tuning SAML. I was looking to see if I should use a particular crypto, configuration settings (i.e. disable callbacks/validator if not needed), caching options ( in my case all requests coming signed from same esb).
Thanks Mark
