Monday, November 12, 2012

Verifying signatures with OpenSAML

As the post about signing SAML messages discussed, it is very important to properly sign and verify messages in a SAML federation.

When verifying the signature of a message it is recommended to first validate the message with a SAML profile validator. This is to ensure that the signature follows the standard for XML signatures. Afterwards the cryptographic validation of the signature is done by a SignatureValidator.

PS. This validation only performs a cryptographic validation of the signature. This means that it validates that the message has not been changed since it was signed. It does, however, not check that the certificate used for signing is trusted. To confirm the trust of the certificate in OpenSAML, a trust engine must be used in the validation.

The most common method to confirm the trust of a key is to compare it to the key received in SAML Metadata. This is generally done as a configuration step when setting up a SAML federation. This post gives more information on SAML Metadata.

Here is a full example of the cryptographic validation.

// Step 1: structural check, the signature must follow the SAML signature profile
SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
profileValidator.validate(signature);

// Step 2: cryptographic check against the credential (public key) of the signer
SignatureValidator sigValidator = new SignatureValidator(cred);
sigValidator.validate(signature); // throws ValidationException if the signature does not verify

SignatureValidator is instantiated with a credential. In this case the credential basically contains the public key for the private key that was used to sign the message.
The credential object can be obtained in a number of different ways. This post shows some methods in OpenSAML.
If the public key was sent in the message, it is very important to validate that you trust the key.
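The following is an added example, not code from the original post, showing the two steps above combined with the trust check the post describes: the key carried in the message's KeyInfo is only accepted if it matches a signing key registered for the issuer in SAML Metadata. It assumes OpenSAML 2.x (the API the post's snippet uses); the class name ResponseSignatureVerifier and the already-initialized MetadataProvider argument are assumptions.

```java
import org.opensaml.Configuration;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.IDPSSODescriptor;
import org.opensaml.saml2.metadata.provider.MetadataProvider;
import org.opensaml.security.MetadataCredentialResolver;
import org.opensaml.security.MetadataCriteria;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.security.CriteriaSet;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.UsageType;
import org.opensaml.xml.security.criteria.EntityIDCriteria;
import org.opensaml.xml.security.criteria.UsageCriteria;
import org.opensaml.xml.security.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.impl.ExplicitKeySignatureTrustEngine;
import org.opensaml.xml.validation.ValidationException;

public final class ResponseSignatureVerifier { // hypothetical helper, not part of OpenSAML

    /** Throws if the Response is unsigned, malformed, tampered with, or signed by an untrusted key. */
    public static void verify(Response response, MetadataProvider metadata)
            throws ValidationException, SecurityException {
        Signature signature = response.getSignature();
        if (signature == null || response.getIssuer() == null) {
            throw new ValidationException("Response is not signed or has no Issuer");
        }
        // Step 1: structural check, the signature must follow the SAML signature profile
        new SAMLSignatureProfileValidator().validate(signature);

        // Step 2: cryptographic check and trust check together. Trusted keys come from
        // metadata (assumed already loaded into the provider); the KeyInfo resolver reads the
        // key carried in the message, which the engine accepts only if it matches a trusted key.
        MetadataCredentialResolver trusted = new MetadataCredentialResolver(metadata);
        KeyInfoCredentialResolver inline = Configuration.getGlobalSecurityConfiguration()
                .getDefaultKeyInfoCredentialResolver();
        ExplicitKeySignatureTrustEngine engine = new ExplicitKeySignatureTrustEngine(trusted, inline);

        // Select the signing keys of the issuing IdP from metadata
        CriteriaSet criteria = new CriteriaSet();
        criteria.add(new EntityIDCriteria(response.getIssuer().getValue()));
        criteria.add(new MetadataCriteria(IDPSSODescriptor.DEFAULT_ELEMENT_NAME, SAMLConstants.SAML20P_NS));
        criteria.add(new UsageCriteria(UsageType.SIGNING));
        if (!engine.validate(signature, criteria)) {
            throw new SecurityException("Signature invalid or signed with an untrusted key");
        }
    }
}
```

A signed Response whose KeyInfo carries a certificate not found in the IdP's metadata fails the last check even though the signature itself verifies, which is exactly the case the plain SignatureValidator cannot catch.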

Further reading

My book, A Guide to OpenSAML, explains in detail how to use the security features of SAML and much more.

A Guide to OpenSAML V3


  1. Is there an easy way to verify a SAML 2 response with the certificate inside the signed response? Or do I have to parse the XML on my own and get the credentials and feed to SignatureValidator?

    The OpenSAML documentation is really difficult to follow and the code examples include lots of method calls not included in the examples (!)

    1. I have not tried this and I do not have any good answer. All I have is some hints and tips to help you search.

      There is something called a keyInfoCredentialResolver. This might help you to extract the credentials needed to validate the signature.

      You will need to validate that the key in the message is signed by a CA you trust. This is done using trust engines. There is a short incomplete chapter about it in the documentation.

      If you figure it out, please post a comment telling me how you did it =)

  2. Thanks for the reply. It's reassuring to hear it's not something very simple I'm overlooking.

    I'll update these comments if I find a solution, but at the moment I'm probably just going to use an "out-of-band" metadata file instead.

  3. Hey Stefan,

    Thank you for all your entries on OpenSAML - they certainly helped. Even so, I'm still having issues verifying the SAML signature. I posted the question on stackoverflow ( - do you have any suggestions?

  4. Hi Stefan.

    Thank you very much for your posts about OpenSAML. I'm in the process of writing my own set of wrappers that pull the SAMLResponse from the header and perform my own validation based on:
    - checking the conditions
    - extracting the certificate from the assertion
    - compare the thumbprint OR compare against the idp metadata
    - verify the issuer
    - extract the name ID and attributes

    I'm wondering if you know of a wrapper library that does this work or if I should proceed creating my own?

    1. I know there are many implementations that can do this. But those are more ready applications like OpenAM and not libraries.

      This can be done with OpenSAML but requires a lot of own work.

      Sorry, I don't know of any such library. Please post a comment if you find one.

  5. Hi Stefan,

    How can I get the public key from the assertion in Java?

    1. Is the key contained in a KeyInfo element? In that case use a keyInfoCredentialResolver