Verifying signatures with OpenSAML V3
Here is the happy news of the day. Verifying a signature in OpenSAML V3 is done almost identical to how it is done in V2, so the blog post on the process from OpenSAML V2 is still very much relevant and worth checking out.
The only difference between the two version is that the
SignatureValidator is no longer instantiated. Instead the validate method of
SignatureValidator is now static and takes both the credentials and the signature object.
Below is the code for verifying signatures in OpenSAML V3
1SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator(); 2profileValidator.validate(assertion.getSignature()); 3SignatureValidator.validate(assertion.getSignature(), cred);