
mace-opensaml-users - SAMLResponse verification


SAMLResponse verification


  • Subject: SAMLResponse verification
  • Date: Wed, 20 Jul 2005 07:47:01 -0400 (EDT)

Hi,

I implemented a small project using a SAML response. I can sign the response
and verify it using OpenSAML in Java: I do this (using Struts...)

import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.DynaActionForm;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLPOSTProfile;
import org.opensaml.SAMLResponse;

public class VerifyAction extends Action {

    // Keystore path, password and certificate alias are configured elsewhere
    // (not shown in the post); the forward name is assumed to be "display".
    private String filename;
    private String password;
    private String alias;
    private static final String FORWARD_display = "display";

    public ActionForward execute(ActionMapping mapping, ActionForm form,
                                 HttpServletRequest request, HttpServletResponse response)
            throws Exception {
        String message = "";
        DynaActionForm myForm = (DynaActionForm) form;
        // Browser/POST profile form fields: TARGET and the base64 SAMLResponse
        String target = myForm.getString("TARGET");
        String ticket = myForm.getString("SAMLResponse");

        // Keystore holding the issuer certificate we trust
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(new FileInputStream(filename), password.toCharArray());

        // This is only some test code: decode the POST profile response, check
        // that it was addressed to this URL and is no older than 60 seconds
        SAMLResponse r = SAMLPOSTProfile.accept(ticket.getBytes(),
                                                request.getRequestURL().toString(),
                                                60, true);
        SAMLAssertion sa = SAMLPOSTProfile.getSSOAssertion(r, Collections.singleton(target));

        if (!sa.isSigned()) {
            message += "SSOAssertion is not signed. ";
        } else {
            message += "SSOAssertion is signed. ";
            // verify() with no key checks the signature against whatever key
            // material the message itself carries; verify(cert) checks it
            // against the certificate we trust from the keystore
            sa.verify();
            sa.verify(ks.getCertificate(alias));
        }
        if (!r.isSigned()) {
            message += "SAMLResponse is not signed.";
        } else {
            message += "SAMLResponse is signed.";
            r.verify();
            r.verify(ks.getCertificate(alias));
        }

        request.setAttribute("Message", message);
        request.setAttribute("TARGET", target);
        request.setAttribute("SAMLResponse", ticket);
        return mapping.findForward(FORWARD_display);
    }
}



But when I try to use signtest to test it, it says this:

caught a SAML exception: <Status xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><StatusCode
Value="samlp:Responder"/><StatusMessage>failed to verify signature value:
$1</StatusMessage><StatusDetail
xmlns:opensaml="http://www.opensaml.org";><opensaml:ExceptionClass>org.opensaml.InvalidCryptoException</opensaml:ExceptionClass><opensaml:Param
Name="1">Reference URI="#cba749ee786b9b91e3ddc9d252664987" failed to verify
RSA Validation of &lt;SignedInfo&gt;
failed</opensaml:Param></StatusDetail></Status>

Any idea? Should I post the SAMLResponse itself?

Marc



Archive powered by MHonArc 2.6.16.
