The Conditions element is required even though it's optional in the specification

[ThePetrov]

The SAML specification describes the Conditions element as optional (section 2.3.3). While that element is very useful and greatly enhances security, it's technically not required. As there may be IdPs which don't include this element I think it's worthwhile to allow for that element to be absent from a valid SAML response.

[mauromol]

Please see my comment on your PR: #323 (comment)

The fact that the <Conditions> element is optional in general, doesn't mean that it's optional for the protocol and/or profile implemented by java-saml.
See, for instance section 1.1 of the SAML 2.0 Profile specification:

Another type of SAML profile defines a set of constraints on the use of a general SAML protocol or
assertion capability for a particular environment or context of use. Profiles of this nature may constrain
optionality, require the use of specific SAML functionality (for example, attributes, conditions, or bindings),
and in other respects define the processing rules to be followed by profile actors.

Web SSO is IMHO one of such profiles which adds further constraints on what the general schema says.

This of course does not prevent the implementation of an opt-in "less strict" behaviour, if the maintainers are willing.