Comment 6 for bug 1610286

I tested mod-auth-mellon/lasso on xenial with testshib (http://www.testshib.org/) and ADFS (that comes with w2k12r2) on the idP side, including sha256 support https://dev.entrouvert.org/issues/10019 - I could successfully perform authentication and get to a protected page. Both Service Provider (mellon) and Identity Provider (shibboleth or ADFS) were TLS-terminated though this does not matter for the functionality under test.

Sample mellon metadata XML:
https://paste.ubuntu.com/p/cg7j6hrhm6/

Binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

libapache2-mod-auth-mellon 0.12.0-1
liblasso3 2.5.0-3ubuntu2