What are you trying to do?
If this is SAML or some sort of signed auth, yeah it’s kinda really important to verify that.
If it’s data that you’re ingesting, yeah you probably want to know who it came from. Otherwise anybody can send you junk data and overwrite your customer data (or whatever you’re importing).
If it’s some binary blob you’re running, yeah you should probably verify that signature is signed by somebody you trust.
What are you trying to do? If this is SAML or some sort of signed auth, yeah it’s kinda really important to verify that. If it’s data that you’re ingesting, yeah you probably want to know who it came from. Otherwise anybody can send you junk data and overwrite your customer data (or whatever you’re importing). If it’s some binary blob you’re running, yeah you should probably verify that signature is signed by somebody you trust.