Verifying signatures with OpenSAML V3

Here is the happy news of the day. Verifying a signature in OpenSAML V3 is done almost identical to how it is done in V2, is still very much relevant and worth checking out.

The only difference between the two version is that the SignatureValidator is no longer instantiated. Instead the validate method of SignatureValidator is now static and takes both the credentials and the signature object.

Below is the code for verifying signatures in OpenSAML V3

1SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
2profileValidator.validate(assertion.getSignature());
3SignatureValidator.validate(assertion.getSignature(), cred);