Verifying signatures with OpenSAML V3

Here is the happy news of the day. Verifying a signature in OpenSAML V3 is done almost identical to how it is done in V2, so the blog post on the process from OpenSAML V2 is still very much relevant and worth checking out.

The only difference between the two version is that the SignatureValidator is no longer instantiated. Instead the validate method of SignatureValidator is now static and takes both the credentials and the signature object.

Below is the code for verifying signatures in OpenSAML V3

1SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
2profileValidator.validate(assertion.getSignature());
3SignatureValidator.validate(assertion.getSignature(), cred);

Ad

Want to quickly learn and understand OpenSAML?

Have a look on the book A guide to OpenSAML!