Every SAML object that implements the SignableXMLObject interface can be signed.
The signing of a SAML message is done in three steps. First, all the properties for the signature are put in a Signature object. Properties that can be set include the signing credential, the signature algorithm, the canonicalization algorithm and optionally a KeyInfo object. The KeyInfo object tells the verifier which key was used to produce the signature. It is only a hint: a relying party must validate the signature against a key it already trusts, never against whatever key the incoming KeyInfo carries.

signature.setSigningCredential(credential);
signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1);
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);

RSA-SHA1, as used above, is deprecated; new deployments should use SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256 instead. The Signature object is then added to the SAML object using the setSignature method.

entityDescriptor.setSignature(signature);

The second step is to marshal the object. This must be done before signing, because marshalling is what creates the underlying XMLSignature; if you sign first you will get a message like this:

SEVERE: Unable to compute signature, Signature XMLObject does not have the XMLSignature created during marshalling.

Element element = Configuration.getMarshallerFactory().getMarshaller(entityDescriptor).marshall(entityDescriptor);

The third step is to perform the actual signing, which computes the cryptographic signature value. This is done with the Signer class. Serialize the Element returned by the marshaller as it is; any change to the object after signing releases its DOM, and with it the signature you just computed.

Signer.signObject(signature);

Here is how the signed object might look after signing and marshalling.
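The three steps above, carried through end to end as an added example (this is not code from the original post or from the OpenSAML project): an EntityDescriptor is built, signed with OpenSAML 2.x, serialized, and then re-parsed and verified the way a relying party would, once as sent and once after the entityID has been altered. The class name, the entityID, the ID value "_md1" and the freshly generated RSA key pair are assumptions made for the example; a real deployment signs with a key from a keystore and verifies against metadata it already trusts.

```java
// Added example: sign an EntityDescriptor with OpenSAML 2.x, serialize it, and
// verify the signature after re-parsing, including a tampered copy.
// Key pair, entityID and the ID value "_md1" are made up for this example.
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;

import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureConstants;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.util.XMLHelper;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SignAndVerifyMetadata {

    /** Steps 1-3: build the Signature, marshal, then sign. Returns the signed XML. */
    static String sign(Credential credential, String entityId) throws Exception {
        @SuppressWarnings("unchecked")
        XMLObjectBuilder<EntityDescriptor> edBuilder = (XMLObjectBuilder<EntityDescriptor>)
                Configuration.getBuilderFactory().getBuilder(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        EntityDescriptor entityDescriptor = edBuilder.buildObject(EntityDescriptor.DEFAULT_ELEMENT_NAME);
        entityDescriptor.setEntityID(entityId);
        // The ID attribute becomes the Reference URI (#_md1) of the enveloped signature;
        // SAMLSignatureProfileValidator later checks that the reference points at this element.
        entityDescriptor.setID("_md1");

        @SuppressWarnings("unchecked")
        XMLObjectBuilder<Signature> sigBuilder = (XMLObjectBuilder<Signature>)
                Configuration.getBuilderFactory().getBuilder(Signature.DEFAULT_ELEMENT_NAME);
        Signature signature = sigBuilder.buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(credential);
        // RSA-SHA256 instead of the deprecated RSA-SHA1.
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        // Optional KeyInfo, derived from the credential through the global KeyInfoGenerator config.
        KeyInfoGenerator kiGen = Configuration.getGlobalSecurityConfiguration()
                .getKeyInfoGeneratorManager().getDefaultManager().getFactory(credential).newInstance();
        signature.setKeyInfo(kiGen.generate(credential));
        entityDescriptor.setSignature(signature);

        // Marshalling creates the underlying XMLSignature; signing before this step fails with
        // "Signature XMLObject does not have the XMLSignature created during marshalling".
        Element element = Configuration.getMarshallerFactory()
                .getMarshaller(entityDescriptor).marshall(entityDescriptor);
        Signer.signObject(signature);
        return XMLHelper.nodeToString(element); // serialize the signed DOM, do not touch the object again
    }

    /** Re-parse the XML as a relying party would and validate against the key we trust. */
    static boolean verify(String xml, Credential trustedCredential) throws Exception {
        BasicParserPool parserPool = new BasicParserPool();
        parserPool.setNamespaceAware(true);
        Document doc = parserPool.parse(new StringReader(xml));
        Element root = doc.getDocumentElement();
        EntityDescriptor ed = (EntityDescriptor) Configuration.getUnmarshallerFactory()
                .getUnmarshaller(root).unmarshall(root);
        Signature signature = ed.getSignature();
        if (signature == null) {
            return false; // an unsigned document is never accepted as valid
        }
        try {
            // Profile check first: enveloped transform, one reference, URI matching the parent's ID.
            new SAMLSignatureProfileValidator().validate(signature);
            // Then the cryptographic check against the trusted key, not the key found in KeyInfo.
            new SignatureValidator(trustedCredential).validate(signature);
            return true;
        } catch (ValidationException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        DefaultBootstrap.bootstrap(); // registers builders, marshallers and the XML security provider

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key pair for the example
        Credential signingCred = SecurityHelper.getSimpleCredential(kp.getPublic(), kp.getPrivate());
        Credential verifyCred = SecurityHelper.getSimpleCredential(kp.getPublic(), null);

        String signed = sign(signingCred, "https://idp.example.org/metadata");
        System.out.println(signed);
        System.out.println("as signed: " + verify(signed, verifyCred));

        // Any change after signing, here the entityID, must make verification fail.
        String tampered = signed.replace("https://idp.example.org/metadata",
                                         "https://attacker.example/metadata");
        System.out.println("tampered:  " + verify(tampered, verifyCred));
    }
}
```

The verification side runs the SAMLSignatureProfileValidator before the cryptographic check on purpose: it rejects signatures whose Reference does not point at the enclosing element, which is how signature-wrapping attacks smuggle a validly signed fragment into a different document. The trusted credential is built from the public key only; the private key never leaves the signing side.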
My book, A Guide to OpenSAML, explains in detail how to use the security features of SAML.
This is a very good book for those that want to get an intro to cryptography. Helped me a lot in understanding public key cryptography.