Verifying signatures with OpenSAML V3
Here is the happy news of the day. Verifying a signature in OpenSAML V3 is done almost identical to how it is done in V2, is still very much relevant and worth checking out.
The only difference between the two version is that the SignatureValidator
is no longer instantiated. Instead the validate method of SignatureValidator
is now static and takes both the credentials and the signature object.
Below is the code for verifying signatures in OpenSAML V3
1SAMLSignatureProfileValidator profileValidator = new SAMLSignatureProfileValidator();
2profileValidator.validate(assertion.getSignature());
3SignatureValidator.validate(assertion.getSignature(), cred);